Secured media communication across enterprise gateway

ABSTRACT

A method for implementing communication between at least two client devices is provided. The first client device of the at least two client devices is disposed externally with respect to a firewall of an internal network. The method includes performing NAT (Network Address Translation) traversal between the first client device and a media server that is disposed internally with respect to the firewall of the internal network. The NAT traversal is configured to ascertain a NAT scheme employed for exchanging packets with the first client device. The method also includes establishing a communication path at least between the media server and the first client device, wherein logic for implementing the NAT traversal and logic for implementing the establishing the communication path are both implemented in the media server. The method further includes employing the media server to facilitate the communication.

PRIORITY CLAIM

This application is related to and claims priority under 35 U.S.C.§119(e) to a commonly assigned provisional patent application entitled“Advanced Mobile Communication Platform Apparatus and Method,” by Caronet al., Attorney Docket Number DVTS-P001P1, Application Ser. No.60/723,410 filed on Oct. 3, 2005; and a commonly assigned provisionalpatent application entitled “Advanced Mobile Communication PlatformApparatus and Method,” by Kalkunte et al., Attorney Docket NumberDVTS-P007P, Application Ser. No. 60/804,806 filed on Jun. 14, 2006, allof which are incorporated herein by reference.

BACKGROUND OF THE INVENTION

Conventional mobile communication platforms include cellularcommunications, for example, Global Systems for Mobile (GSM)communications. Other conventional platforms that support limitedmobility include Wi-Fi, which is based on IEEE 802.11 standards. Theseare both well known and established platforms.

Next generation platforms are designed to permit mobile users to movebetween cellular and Wi-Fi networks and include an Unlicensed MobileAccess (UMA) standard that provides a switch controller for carriers topermit users to transcend between cellular and Wi-Fi networks andvice-versa. However, the UMA standard has disadvantages including thatthe carrier controls the calls and decides if and when to switch usersbetween networks.

What is needed is an advanced mobile communication platform thatprovides enterprise level communication and control over users and thenetworks that they choose to select based on enterprise driven criteriarather than carrier driven criteria.

SUMMARY

The invention relates, in an embodiment, to a method for implementingcommunication between at least two client devices. The first clientdevice of the at least two client devices is disposed externally withrespect to a firewall of an internal network. The method includesperforming NAT (Network Address Translation) traversal between the firstclient device and a media server that is disposed internally withrespect to the firewall of the internal network. The NAT traversal isconfigured to ascertain a NAT scheme employed for exchanging packetswith the first client device. The method also includes establishing acommunication path at least between the media server and the firstclient device, wherein logic for implementing the NAT traversal andlogic for implementing the establishing the communication path are bothimplemented in the media server. The method further includes employingthe media server to facilitate the communication.

In another embodiment, the invention relates to a server forfacilitating communication between at least two client devices, a firstclient device of the at least two client devices being disposedexternally with respect to a firewall of an internal network. The serveris disposed internally with respect to the firewall of the internalnetwork. The server includes first logic for performing NAT (NetworkAddress Translation) traversal between the first client device and theserver. The server also includes second logic for establishing acommunication path at least between the server and the first clientdevice.

In yet another embodiment, the invention relates to a communicationsystem. The communication system includes a firewall of an internalnetwork. The communication system also includes at least two clientdevices, a first client device of the at least two client devices beingdisposed externally with respect to the firewall of the internalnetwork. The communication system further includes a server disposedinternally with respect to the firewall of the internal network andconfigured to store first logic for performing NAT (Network AddressTranslation) traversal between the first client device and the serverand to store second logic for establishing a communication path at leastbetween the server and the first client device.

These and other features of the present invention will be described inmore detail below in the detailed description of the invention and inconjunction with the following figures.

BRIEF DESCRIPTION OF THE DRAWINGS

The invention is described with reference to the following figures.

FIG. 1 depicts a system network according to an embodiment of theinvention.

FIGS. 2A-C depict a mobility server according to an embodiment of theinvention.

FIG. 3 depicts a mobility client according to an embodiment of theinvention.

FIGS. 4A-E depict a structure and method for fast media handoff betweenWi-Fi and cellular networks.

FIG. 5A depicts an overview of the rendezvous calling (RC) architecture.

FIG. 5B depicts message exchanges between the RS Client and the RCcapable Media Communication Server.

FIG. 5CA is a flowchart showing logic employed in the MediaCommunication Server for RC processing.

FIG. 6A depicts a system block diagram purposes of describing a networkstack according to an embodiment of the invention.

FIG. 6B depicts a system network stack according to an embodiment of theinvention.

FIG. 7 depicts an overview of the secure VoIP deployment for enterprisecommunication.

FIG. 8 shows, in an embodiment of the invention, a telecommunicationsession being established between an external telecommunication deviceand a mobility client, which is within an enterprise.

FIG. 9 illustrates, in accordance with one or more embodiments of thepresent invention, examples of server functional modules that may beimplemented in a mobility server.

FIG. 10 illustrates, in accordance with one or more embodiments of thepresent invention, examples of client functional modules that may bepart of mobility client application.

FIG. 11 shows, in an embodiment, a simple call flow showing anestablishment of a telecommunication request initiated by a mobilityclient within an enterprise.

FIG. 12 illustrates, in accordance with one or more embodiments of thepresent invention, an example of a call roaming scenario in which a userof a mobility client roams from a Wi-Fi network to a cellular network.

FIG. 13 illustrates, in an embodiment of the present invention, the callflows for the roaming scenario of FIG. 12.

FIG. 14A illustrates, in accordance with one or more embodiments of thepresent invention, an example of a call roaming scenario in which a userof a mobility client roams from a cellular network back into a Wi-Finetwork managed by an enterprise.

FIG. 14B illustrates, in an embodiment of the present invention, a callflow that provides the steps for the handoff that may occur.

FIG. 15A illustrates, in accordance with one or more embodiments of thepresent invention, an example of a call roaming scenario in which a userof a mobility client roams from a cellular network into a third-partyWi-Fi network.

FIG. 15B illustrates, in an embodiment of the present invention, a callflow that provides the steps for the handoff that may occur.

FIG. 16A illustrates, in accordance with one or more embodiments of thepresent invention, a call establishment between two mobility clients.

FIG. 16B illustrates, in an embodiment of the invention, the call flowfor FIG. 16A.

FIG. 17 shows a prior art block diagram of a transcoder within acarrier-managed gateway.

FIG. 18 shows, in an embodiment, a block diagram illustrating anarrangement for transcoding.

FIG. 19 illustrates, in accordance with an embodiment of the invention,a high level logic block diagram of an automated rendezvous callingenvironment.

FIG. 20 shows, in accordance with an embodiment, the steps taken by a RC(rendezvous calling) server module in setting up a RC call.

FIG. 21 shows, in accordance with an embodiment, a simple call flowinvolving two teleconference participants.

FIG. 22 shows, in accordance with an embodiment of the presentinvention, the call flow for setting up the teleconference using theparameters specified in the example of FIG. 21, except that the mobilityserver is now shown to include as constituent components presenceserver, call control, and RC server.

FIG. 23 shows, in accordance with an embodiment of the presentinvention, a call flow for a cellular recipient authentication procedurethat takes place when a new telephone call is made by a caller to arecipient via the recipient's enterprise extension number.

FIG. 24 shows, in accordance with an embodiment of the presentinvention, a call flow that occurs when the recipient does not answerthe cellular call.

FIG. 25 shows, in accordance with an embodiment of the presentinvention, a call flow for a cellular recipient authentication procedurewith an allotted authentication period.

FIG. 26 shows a prior art simple block diagram of access pointsconnected to different controllers.

FIG. 27 shows a simple prior art block diagram of access points linkedto an interconnected set of controllers.

FIG. 28 shows, in an embodiment of the invention, a block diagram of auser on a mobility client roaming between two access points managed by asingle controller.

FIG. 29 shows, in an embodiment of the invention, a block diagram of auser on a mobility client roaming between two access points that may bemanaged by two different controllers.

FIG. 30 shows, in accordance with one or more embodiments of the presentinvention, a call flow of a roaming scenario that does not involve an IPaddress change (as discussed in FIG. 28).

FIG. 31 shows, in accordance with one or more embodiments of the presentinvention, a call flow of a roaming scenario that involves IP addresschange.

FIG. 32 shows, in accordance with one or more embodiments of the presentinvention, a buffer scheme.

FIG. 33 shows a prior art logic block diagram in which a host processoris employed not only to perform the classification and packet forwardingtasks, but also to perform other host processing tasks.

FIG. 34 shows a simplified logic block diagram of a prior artimplementation in which network processors are employed to offload someof the tasks formerly performed by the host processor of FIG. 33.

FIG. 35 shows, in accordance of an embodiment of the invention, a highlevel logic block diagram of a VoIP gateway, which employs FPGAs toprovide redundant Ethernet processing paths through the VoIP gateway.

FIG. 36, shows in accordance with an embodiment of the presentinvention, the steps taken by the VoIP gateway of FIG. 35 in processinga packet received.

FIG. 37 show, in accordance to an embodiment of the present invention,an example of an UDP port lookup step of FIG. 36.

FIG. 38 is a prior art representation of a Voice-Over-IP (VoIP)environment in which a STUN (Simple Traversal of UDP through NAT) serveris employed to facilitate NAT (Network Address Translation) traversal.

FIG. 39 shows a prior art implementation of a STUN/TURN (SimpleTraversal of UDP through NAT/Traversal Using Relayed NAT) NAT traversalimplementation, in which a secured tunnel is implemented between aSTUN/TURN server and a media server.

FIG. 40 shows, in accordance with an embodiment of the presentinvention, a generalized NAT traversal arrangement in which all fourtypes of NAT translations can be traversed while eliminating therequirement that an external NAT traversal server be maintained outsideof the enterprise firewall.

FIG. 41 shows, in accordance with an embodiment of the presentinvention, a NAT traversal arrangement in which two ports on a mediaserver is employed to service media streams to and from two externalclient devices.

FIG. 42 shows, in accordance with an embodiment of the presentinvention, a NAT traversal arrangement in which a single MSAP port on amedia server is employed to service media streams to and from twoexternal client devices.

FIG. 43 illustrates an example prior art arrangement for processingmedia data during handoffs in wireless communication.

FIG. 44A illustrates an example prior art handoff scenario in which agap may exist in the media data streams that are being sent by twonetworks.

FIG. 44B illustrates an example prior art handoff scenario in which anoverlap may exist between the media data streams that are being sent bytwo networks.

FIG. 45 illustrates, in accordance with one or more embodiments of thepresent invention, an arrangement for processing media data during ahandoff in wireless communication.

FIG. 46A shows, in accordance with one or more embodiments of thepresent invention, an architectural block diagram of a media server andvoice quality engine module.

FIG. 46B shows, in an embodiment, a block diagram illustrating anexample of a method for generating a cross-correlated media data set ofpackets.

FIG. 47 shows, in accordance with one or more embodiments of the presentinvention, a flowchart of a method for processing media data during ahandoff of a mobile telecommunication device between networks.

FIG. 48 shows, in accordance with one or more embodiments of the presentinvention, a flowchart of a method for controlling signal levels of amobile telecommunication device during a handoff.

TABLE OF CONTENTS A. Architecture B. Enhancing User Experience in MediaHandoffs C. Automatically Setup of Point-To-Point and Point-To-Multipoint Multi-Media Conference Calls with Administrator and UserControlled Rules and Preferences (Rendezvous Calling) D. Call RoutingVia Recipient Authentication E. Reducing Data Loss in Media Handoffs F.Selecting Network Stack Functions in Hardware For a Media StreamProcessing Distributed System G. Secure Media Communication AcrossEnterprise Gateway (NAT/Firewall) H. Conclusion

DETAILED DESCRIPTION

The invention is described with reference to specific apparatus andembodiments. Those skilled in the art will recognize that thedescription is for illustration and to provide the best mode ofpracticing the invention. For example, while references are made tocertain communication protocols, others are anticipated by theinvention. For instance, while Wi-Fi (IEEE 802.11) is described as aprotocol for wireless communication, other protocols may be implementedin the invention. References made herein to the mobility client, clientdevice, and mobile equipment (ME) are equivalent.

Various embodiments are described herein below, including methods andtechniques. It should be kept in mind that the invention might alsocover an article of manufacture that includes a computer readable mediumon which computer-readable instructions for carrying out embodiments ofthe inventive technique are stored. The computer readable medium mayinclude, for example, semiconductor, magnetic, opto-magnetic, optical,or other forms of computer readable medium for storing computer readablecode. Further, the invention may also cover apparatuses for practicingembodiments of the invention. Such apparatus may include circuits,dedicated and/or programmable, to carry out operations pertaining toembodiments of the invention. Examples of such apparatus include ageneral purpose computer and/or a dedicated computing device whenappropriately programmed and may include a combination of acomputer/computing device and dedicated/programmable circuits adaptedfor the various operations pertaining to embodiments of the invention.

A. ARCHITECTURE

FIG. 1 depicts a system network 100 according to an embodiment of theinvention. Mobile equipment (ME) 102 is provided that communicates withthe network in a number of possible ways. ME 102 can communicate with acellular network 110 that includes a Base Transceiver Station (BTS) 112,a BTS Switching Center (BSC) 114 and Mobile Switching Center (MSC) 116.The MSC is coupled to a Media Gateway 120 that is coupled to a publicswitched telephone network (PSTN) 122. Other conventional public andprivate telephones 124 are also coupled to the PSTN. A PBX 130 iscoupled to the PSTN and serves an enterprise for purposes of making andreceiving calls, for example, via telephone 136. Mobility server 150 iscoupled to the PBX as well as other networks. For example, mobilityserver 150 is coupled via router 132 to an Internet Protocol Wide AreaNetwork (WAN) 138. The mobility server 150 is also coupled via router140 and firewall 142 to the Internet 144. The mobility server is alsocoupled to a local area network (LAN) with wireless access point 160.One access point is depicted while the invention anticipates multipleaccess points as well. The access point 160 permits a user with ME 102to wander in the enterprise and stay connected to the PSTN through themobility server 150 and PBX 130. If the user wanders beyond the boundaryof the LAN, the user will be connected to an alternate network (e.g. thecellular network) as described below in detail. Also depicted is anaccess point 180 that is coupled to the internet for access undercertain conditions as described herein.

FIGS. 2A-C depict a mobility server according to an embodiment of theinvention.

Security Manager—The definition of security when two or more entitiesare communicating involves the following aspects:

-   -   1. Mutual Authentication of the communicating entities    -   2. Privacy of the communication channel    -   3. Integrity of messages exchanged    -   4. Authentication of messages

In mobility solution in accordance with one or more embodiments of thepresent invention, there are three distinct communicating entities:mobility client, mobility server and external VoIP GW. And there are twodistinct types of paths between these entities: SIP signaling path andMedia path.

As described in the Architecture Specification[1] the followingmechanisms are used to achieve the above mentioned security aspectsbetween client, server and external gateway for signaling and datapaths:

-   -   1. SIP TLS session between client and server.    -   2. Client Authentication using SIP Notify after SIP TLS        establishment    -   3. Authentication of users with server    -   4. SIP TLS session between server and external VoIP Gateway.    -   5. Server authentication with external VoIP Gateway    -   6. Secure media path    -   7. Derived requirements

User/Device Manager/Mobility Controller—The device and mobility Manager(hereby referred to as DMM) is a module that handles deviceconfiguration and status as well as the mobility aspects while there isan active call on a device. The following sections capture thefunctional and design specifications of the DMM along with the publicinterfaces that it supports.

Here is a summary of the roles and responsibilities of the DMM

-   -   1. Device configuration controlled by the enterprise        administrator.    -   2. Report status of the device.    -   3. Image management for the device    -   4. Maintain and implement the mobility logic for handsets with        an active call—i.e. handle Wi-Fi to Cell and vice-versa handoff.    -   5. Handles device initialization and configuration requests from        the client.

Control Plane/Call Control—Call control (CC) is the primary controlplane module responsible for the following functions:

-   -   1. Voice over IP call processing    -   2. SIP proxy server and B2BUA    -   3. PSTN Call management through PSTN GWs    -   4. PBX feature management through Asterisk    -   5. Resource and Connection management

Call control module resides on the DN media switch. It interfaces withthe SIP stack and Asterisk (or any other) PBX module to provide theabove mentioned functionality.

-   -   1. SIP stack (for UA, CCM, and Asterisk etc): SIP stack is        mainly used as protocol message decode/encode engine. SIP stack        also performs basic protocol specific tasks, like standards        based message parsing and validation, retransmissions,        proprietary message validation etc. For most of the proxy and        B2BUA tasks, SIP stack relies on CC for decision making.        Interactions between CC and Asterisk as well as CC and CCM are        through standards based SIP messages.    -   2. Proxy Agent/Configuration Manager (PA/CM): Proxy agent acts        as a configuration manager for all the applications. Call        control related information is downloaded by PA at the time of        provisioning or after the disk DB is read following a system        bring up. CC stores the data in RAM for local/faster access. CC        also updates PA of any dynamic information (e.g. call going        active or down), or on demand information (e.g. SNMP GET)    -   3. Resource Manager (RM): Resource manager provides logical map        of the physical/network resources. These resources include GE        port, DSP resources, sockets, UDP/TCP ports etc and do not        include system resources like memory, buffer pool, timers,        queues etc. It also does not include sockets used for internal        IPC communication. CC uses RM for resource CAC, resource        reservation and commit. As part of the commit, RM talks to media        switch to program hardware to enable media flow.

Media Switch Application (MSA)—The MSA will be designed to run partiallyon Linux and remaining on TMS320DM64x DSP processor. The applicationwill perform the following functions:

RTP packet processing.

Switching.

Transcoding.

Conferencing.

Adaptive jitter buffer.

Packet loss concealment.

Post processing which includes VAD/CNG and AGC

The MSA software needs to support encoding/decoding of different speechcodecs. The type of algorithm and channel can change during run timei.e. a design to support multi-channel, multi-algorithm is needed. Eachcodec algorithm needs to be reentrant, and the program as well as dataneeds to be fully releasable. In order to support various codecs thefollowing needs to taken into account:

-   -   a. Since the DSP has limited on chip data memory not all data        can be placed on-chip all the time in multi-channel,        multi-algorithm application. This requires all data (context and        tables) in each algorithm to be relocatable (between on/off chip        memory) during context switching. This requires a need to find        out the memory, stack size as well as MIPS requirement for each        supported codec.    -   b. A mechanism to exchange messaging between host and DSP        process indicating channel number as well as codec type along        with any other features. The channel configuration manager needs        to open a channel on DSP indicating type of functionality        required. Periodic message indicating the state of DSP needs to        be implemented.

The DSP processor allows the external host to access the DSP externalmemory. The DSP has 16 Kbytes of first level program as well as datamemory. The program as well as data memory share the second level memoryof 256 Kbytes. The 16 Mbytes of external memory (SDRAM) is available.The shared memory between the two processors stores the incoming as wellas outgoing RTP data. Since the DSP needs to support N number ofchannels, this memory will contain N receive as well as transmit buffersof length 320 bytes each (for video these buffers need to be of 1500bytes). Data structure for messaging between host and DSP as well asinformation needed on per call basis needs to be defined. The followingsteps define the DSP functionality:

-   -   a. At boot up once the software is downloaded to DSP (the DSP        will indicate the same by writing a predetermined value at a        fixed memory location to indicate to host that the software is        downloaded).    -   b. Upon successful download of software, the DSP will run an        internal timer of 10 msec.        -   At this time the DSP is polling for channel state to change            to process which is set by the host once the packet arrives.    -   c. A start call or open channel command from the host indicating        codec type, data ready as well as call type (initially only        voice) is sent for RX as well as TX direction.    -   d. Based on channel opened the DSP picks up the RTP data from        the external buffers and performs the DSP related functionality        on those.    -   e. On the TX side the DSP places encoded data on the external        buffers to be picked up by the TX agent.

FIG. 3 depicts a mobile equipment client according to an embodiment ofthe invention.

The client software or handset software runs on the handsets that arecompatible with the mobility server. Typically these are dual-modehandsets that have the capability to provide telephony connection on thecellular network (CDMA or GSM) as well as IP connection on the LANnetwork (wired LAN or wireless LAN).

The software can be also be compiled for a desktops/laptops or a PDAswhich have a microphone and a speaker to function as a softphone.

User Interface

The client user-interface provides the following functionality:

-   -   Setup startup configuration—DNS IP addresses, mobility server        URL, Startup user-state (INVISIBLE/AVAILABLE), security settings    -   Change user state (INVISIBLE/AVAILABLE)    -   Add enterprise “buddies” and get their presence information        (INVISIBLE/AVAILABLE/CALL-IN-PROGRESS)    -   Display availability status of enterprise “buddies” and connect        to them    -   User Interface to common enterprise telephony features        -   call making        -   call receiving        -   call waiting        -   call forwarding        -   call transfer        -   multi-party conferencing        -   voice-mail notification        -   missed calls notification        -   received calls notification        -   placed calls notification        -   number lookup and dial by name    -   Manual override to use cellular network instead of Wi-Fi network    -   Display version mismatch    -   Upgrade request/status    -   Disable/inhibit client software—ISP application is used to        make/receive cellular calls Call-control and voice    -   Call control for making VoIP calls on LAN interface    -   Voice Engine for making VoIP calls on LAN interface—includes        codecs, echo-cancellation, jitter control, error concealment    -   Call handoff from cellular call to VoIP call    -   Call handoff from VoIP call to cellular call

802.11

-   -   Determine which IP networks are available and their signal        strength and communicate that information to the server    -   AP client    -   Power management of 802.11 miniport—whenever the signal strength        of 802.11 is below acceptable threshold, hibernate and poll it        at infrequent intervals to conserver power    -   Package the signal strength and voice-quality info into RTCP        packets if the call is in progress or in keepalives if the call        is not in progress to communicate to the server. Whenever the        signal strength drops below an acceptable threshold or the        voice-quality deteriorates, the server will make a decision to        switch the calls from VoIP to cellular network.

Platforms

Since there are a multitude of handset vendors in the market and a lotof them coming up with dual-mode handsets, it is a must to design thesoftware in such a way that most of the code is shared across handsets.Therefore, the code has to be divided into platform dependent part andplatform independent part. Most, in fact all of the Divitas core valueshould be in platform independent part of the software which should beeasily portable from one platform to another. The platform dependentpart should be only the functional adaptation layers (particularlyTelephony, LAN, 802.11, Audio and Display adaptation layers). Wheneverthe code is ported to a new platform, only these adaptation layers needto be modified or rewritten, while providing a uniform API to theplatform independent part.

The client software will run on multiple handset platforms. The mostprevalent handset platforms are Windows® CE, Linux®, and Symbian®.

In addition to the dual-mode handsets, the client application isdesigned to work on 802.11 phones, PDAs or laptops/desktops which do nothave a cellular telephony interface. On these platforms, a subset offeatures is available to the user. Basically, the call handoff from VoIPto cellular will not be possible.

Theory of Operations

Startup and Security Operations

On startup, the client application looks for the available resources onthe handset. It first checks for presence of wired network. If notpresent, then it checks for the presence of an 802.11 network. The wiredor wireless medium authentication is done depending on the enterprisesecurity policy. The handset client shall support the security mechanismemployed in the enterprise. The most common security mechanism is WPA(Wi-Fi Protected Access). Once the authentication is done successfully,the wireless client gets the IP address for the IP interface using DHCP.

The application gets the mobility server URL and DNS IP addresses frompersistent database and tries to register with a mobility server.

The client application could be running on a handset which is inside theenterprise network. In that case, the client can reach the mobilityserver without any other security blankets. In case the client is in apublic network, say a coffee shop or an airport with Wi-Fi internetaccess, typically the user sets up a VPN connection to the enterprise.The client can reach the mobility server only after the VPN tunnel issetup.

The client application software authenticates the handset with theserver by sending an encrypted certificate (installed by Enterprise IT)to the server. Once that is authenticated, the client gets thelogin/password from the user or stored in the handset, encrypts that andsends it to the server for user authentication. On successfulauthentication, the server replies by sending the enterprise phonenumber. In reply, the client sends the cellular phone number to theserver. The server binds the two for all future handoff scenarios.

The signaling and media stream are secured using SIP/TLS for signalingand SRTP for media stream. However, if the user is on a VPN link, thenclient need not add another level of encryption. Adding another level ofencryption to that may result in reduced voice quality. In that case,SIP is used for signaling and RTP/RTCP for media stream.

The above process is repeated whenever the client regains networkconnectivity with the server.

Steady State Operations

The user can choose to be INVISIBLE or AVAILABLE at startup byconfiguring on the GUI and saving that configuration in the persistentdatabase. The client updates the user's presence information to theserver.

The user can also enter frequently called buddies within the enterpriseand save that configuration in the persistent database on the handset.The client gets the presence information (in bulk) of these buddieswhether they are INVISIBLE, AVAILABLE or CALL-IN-PROGRESS. The serverupdates the presence information of these buddies to the clients as andwhen the event occurs.

Whenever a call is not in progress, the client and server exchangekeepalives periodically.

The client sends the network status to the server periodically. If it ison an 802.11 wireless network, it sends the SSID, signal-strength andbandwidth of the associated access point (AP) to the server. If there isa call in progress, it sends it as part of in-band RTCP packets. Ifthere is no call in progress, it sends it in out-of-band keepalivemessages.

Whenever a network session is available from the client to the server,the preferred mode of making and receiving calls to the client is on thenetwork interface. However, the user can choose to override it and makethe outgoing calls on the cellular network. This selection is notcommunicated to the server and it doesn't affect the incoming calls.This selection is also not stored in persistent database. The user hasto explicitly make the selection every time he makes an outgoing call.

Whenever a network session is not available from the client to theserver, the only way of making and receiving calls is on the cellularinterface. The user does not have access to all the enterprise features.The user can make and receive calls using the client software UI howeverthe client software provides only a subset of the service providerfeatures. To use all the features of the cellular service providernetwork, the user may have to terminate (or inhibit) the client softwareand use the cellular service providers dialer application. If theservice provider application is being used to make and receive calls,then the handoff described below in section 3.4.2 will not be possible.

A user has access to all the enterprise features as long as the clienthas a session established to the server. The client GUI is used toprovide access to these enterprise features to the user.

Voice

SIP signaling is used to establish voice calls between the client andthe server. Voice from the audio receiver is encoded into one of thecodecs supported by Voice Engine (VE), encapsulated into RTP packets,encrypted if needed, and sent on the IP interface to the server.Similarly RTP packets received from server is decrypted if needed,decoded using one of the codecs and played out. Speech decoding, jittercontrol and error concealment are done by VE on the receive side.

In addition to encryption/decryption, encoding/decoding of speech, VoiceEngine performs error concealment, jitter control, adaptive packetbuffering, Acoustic Echo Cancellation and Suppression, NoiseCancellation and Suppression, Automatic Gain Control, Voice ActivityDetection, Comfort Noise Generation.

Roaming

A handset client is a mobile device, unlike the portable laptops.

Intra-WLAN Handoff

When a user is in an 802.11 network having a phone conversation andwalks across the building, an AP handoff could occur viz. the user'shandset is now associated with a different AP than the one it waspreviously associated with. The AP handoff could occur without IPaddress change if the handoff is within the same subnet or to anothersubnet, in which case the IP address of the handset changes. If the IPaddress changes, then the client needs to register with the serveragain. The established calls continue to flow in the meantime using theold flow information until the Voice-Engine (VE) is communicated of thenew IP address. Voice-engine ensures that the RTP streams going out ofthe client will have the new IP address when it gets the event.

When a wireless client authenticates using 802.1X, there are a series ofmessages sent between the wireless client and the wireless access point(AP) to exchange credentials. This message exchange introduces a delayin the connection process. When a wireless client roams from onewireless AP to another, the delay to perform 802.1X authentication cancause noticeable interruptions in network connectivity, especially fortime-dependent traffic such as voice or video-based data streams. Tominimize the delay associated with roaming to another wireless AP, thewireless equipment can support PMK caching and pre-authentication.

PMK Caching

As a wireless client roams from one wireless AP to another, it mustperform a full 802.1X authentication with each wireless AP. WPA allowsthe wireless client and the wireless AP to cache the results of a full802.1X authentication so that if a client roams back to a wireless APwith which it has previously authenticated, the wireless client needs toperform only the 4-way handshake and determine new pairwise transientkeys. In the Association Request frame, the wireless client includes aPMK identifier that was determined during the initial authentication andstored with both the wireless client and wireless AP's PMK cacheentries. PMK cache entries are stored for a finite amount of time, asconfigured on the wireless client and the wireless AP.

To make the transition faster for wireless networking infrastructuresthat use a switch that acts as the 802.1X authenticator, the WPA/WPS IEUpdate calculates the PMK identifier value so that the PMK as determinedby the 802.1X authentication with the switch can be reused when roamingbetween wireless APs that are attached to the same switch. This practiceis known as opportunistic PMK caching.

Preauthentication

With preauthentication, a WPA wireless client can optionally perform802.1X authentications with other wireless APs within its range, whileconnected to its current wireless AP. The wireless client sendspreauthentication traffic to the additional wireless AP over itsexisting wireless connection. After preauthenticating with a wireless APand storing the PMK and its associated information in the PMK cache, awireless client that connects to a wireless AP with which it haspreauthenticated needs to perform only the 4-way handshake.

WPA clients that support preauthentication can only preauthenticate withwireless APs that advertise their preauthentication capability in Beaconand Probe Response frames.

Wi-Fi-Cellular Handoff

When the user in an 802.11 network having a phone conversation walks outof the building where there is no or insufficient 802.11 connectivity,the call is handed over to cellular network.

The decision to handoff the call is made by the client. The decision isbased on 802.11 signal-strength, channel loading and voice-qualitythresholds. Once the decision is made, it is communicated to the serverwhich initiates a call to the client on the cellular network. The clientchecks the caller-id of the incoming call, compares to the 802.11caller-id, and if there is a match, accepts the cellular call and dropsthe 802.11 call leg. On the server side, the server drops the 802.11call leg to the client, patches the cellular call leg to the othertalking party.

Cellular-Wi-Fi Handoff

When the user having a phone conversation on cellular network walks intoan 802.11 network, and the handset/user can associate itself with amobility server, then if the user is talking to another user in the802.11 network, the call is handed over to the 802.11 network.

The decision to handoff the call is made by the client. The decision isbased on availability of sufficient 802.11 signal-strength, channelloading and voice quality. Once the decision is made, it is communicatedto the server which initiates a call to the client on the 802.11network. The client checks the caller-id of the incoming call, comparesto the cellular caller-id, and if there is a match, accepts the 802.11call and drops the cellular call leg. The server drops the cellular callleg to the client, patches the 802.11 call leg to the other talkingparty.

Power Save

When the handset client is idle on the 802.11 network, the 802.11miniport goes to sleep. Before going to sleep it tells the AP that itwishes to go to sleep by setting the power save bit in the 802.11 headerof every frame. The AP receives the frame, notice the client's wish toenter power save mode. The AP begins buffering the packets for theclient while the client's 802.11 miniport is asleep. The miniportconsumes very little power while asleep. It wakes up periodically toreceive regular beacon transmissions coming from the access point. Thepower-saving clients need to wake up at the right time when the beaconsare transmitted to receive the beacons. TSF (Timing SynchronizationFunction) assures AP and power-save clients are synchronized. TSF timerkeeps running when stations are sleeping. These beacons identify whethersleeping stations have packets buffered at the AP and waiting fordelivery to their respective destinations.

When there are no incoming beacons for an extended period of time, the802.11 miniport is put to sleep. It periodically wakes up, probes theair for APs, if there are none present, it goes back to sleep. In thiscase, it sleeps for longer duration than previous case.

Features and advantages of the present invention may be betterunderstood with reference to the figures and elaborated discussions thatfollow.

Communication is an integral part of society that enables people todevelop and nurture relationships. The desire to stay connected has ledto the proliferation of a variety of telecommunication services (e.g.,cellular service, Wi-Fi service, VoIP service, land line service, etc.)and devices (e.g., mobile telephones, multi-mode telephones, desktelephones, IP telephones, etc.). Generally, enterprises haveimplemented a combination of these telecommunication services anddevices in order to provide theirs employees with the flexibility andmobility to promote business and to handle day-to-day activities.

In a typical enterprise, the employees may have desk telephones, whichmay be associated with extension numbers, connected to a public switchedtelephone network (PSTN) through a private branch exchange (PBX) of theenterprise. Also, some employees may also have cellular telephones thatcan perform voice and/or data communication through a cellular network,such as a GSM, CDMA, or UMTS network. Further, some employees may employIP telephones that are able to connect to the Internet through awireless local area network (e.g., wireless LAN based on one or moreIEEE 802.11 standards) to perform voice and/or data communication. Inaddition, some employees may also have multi-mode telephones, which arecapable of performing voice and/or data communication through two ormore communication networks. In an example, multi-mode telephones mayhave the capability to connect through both a cellular network and theInternet (via a wireless access point).

Enterprises may implement such a multi-network arrangement in an attemptto increase accessibility to theirs employees, thus facilitatingcommunication both internally and with third parties. Unfortunately, thedifferences and even incompatibilities between different networks anddevices have introduced new problems for enterprises.

Consider the situation wherein, for example, an enterprise employee maybe away from his desk telephone. Thus, the employee may be unreachablethrough his desk telephone extension number and incoming calls may berouted to his voicemail. Consequently, a caller may have the option ofleaving a message on the employee's voicemail, redialing the telephonenumber at a later time, and/or attempting to reach the employee on analternative number. The inability to make contact with the employee maycause significant inconvenience to the caller, resulting in anunsatisfactory telephone experience and may even result in loss ofbusinesses to the enterprise.

In an attempt to address the inaccessibility issue, an enterprise mayimplement a multi-network arrangement. In an implementation of themulti-network arrangement, an employee with a desk telephone extensionnumber may have the option of call forwarding incoming calls to aspecific telephone number. Thus, even though the incoming calls may becall forwarded to a multi-mode telephone, which may be associated withmultiple network services, the incoming call may only be call forwardedvia a specific network as dictated by the specific telephone numberprovided. Such model does not scale for large deployment. In an example,if the specific telephone number is associated with a cellular telephonenumber, then the call forwarding will be performed through a cellularnetwork even if a less expensive Wi-Fi network may be available.Similarly, if the specific telephone number is associated with a Wi-Fitelephone number, then the call forwarding will be performed through aWi-Fi network. However, the employee may still be unreachable if a Wi-Finetwork is not available or the employee is not currently connected tothe Wi-Fi network. Thus, even though the more expansive cellular networkmay be available, incoming calls forwarded to a Wi-Fi telephone numberare not able to take advantage of the cellular network.

Besides call forwarding, the enterprise may also incorporate nextgeneration mobile communication standards that allow multi-modetelephone users to move between cellular and Wi-Fi networks. Thestandards include an Unlicensed Mobile Access (UMA) standard thatspecifies switching control schemes for the carriers of the cellularnetwork to enable multi-mode telephone users to roam between thecellular and Wi-Fi networks.

Generally, the implementation of equipment (e.g., networking equipmentand multi-mode telephones) based on the UMA standard may besignificantly different by different vendors. Thus, a UMA server that isoperated by a carrier may be compatible with a limited set of equipmentbrands and/or models. As a result, an enterprise that implements a UMAsolution provided by a carrier may be faced with limited choices inselecting network equipments and multi-mode telephones. In addition, theflexibility to change carrier may now be dependent upon the enterprise'swillingness to expend additional resources to purchase new equipments(e.g., network equipment and multi-mode telephones). The fact that thevoice operation control is only within the carrier space it is notdesirable for an enterprise.

Since a UMA solution is provided by a carrier, an enterprise may have torely on the carrier of the cellular network to manage the cellulartelephone usage and may have little or no direct control over relatedpolicy, service, usage, security, and/or privacy. In an example, thecarrier controls the telephone calls and decides if and when switchingbetween networks may occur. Thus, the enterprise may not be able tosteer the usage from the more expensive cellular service to the lessexpensive Wi-Fi service, even if the user has access to the Wi-Finetwork.

In accordance with embodiments of the present invention, there isprovided a wireless communication system solution that may beimplemented by an enterprise. In accordance with one aspect of thepresent invention, the inventors herein realized that although anenterprise's communication needs may be addressed by differentsolutions, there is not an integrated approach in which the enterpriseretains control of its telecommunication solution. Embodiments of theinvention enable the wireless communication system to provide anintegrated solution by including a mobility server, which may beinternally managed by the enterprise, and a mobility client, which mayinteract with the mobility server.

In this document, various implementations may be discussed using voicetelecommunication requests/sessions as an example. This invention,however, is not limited to voice telecommunication requests/sessions andmay be employed for telecommunication requests/sessions that may berelated to real time media transfer. Examples, of real-time media mayinclude, but are not limited to, telephone call, instant messaging,email, video transmission, and the like.

As discussed herein, a mobility server refers to a computer system thatmay manage and/or control both incoming and outgoing media trafficthrough the enterprise. In an embodiment of the invention, the mobilityserver may be connected with a plurality of networks. The plurality ofnetworks may be implemented based on different communication standardsand may include a wireless local area network (wireless LAN) managed bythe enterprise. The plurality of networks may be further expanded toinclude one or more cellular networks operated by carriers and wirelessLANs managed by third parties. In addition, the mobility server may beindependent of hardware platforms implemented by the plurality ofnetworks.

In an embodiment of the invention, the mobility server may interact witha mobility client, which may be configured to operate in the pluralityof networks. As discussed herein, a mobility client refers to atelecommunication device that includes mobility client software. Thetelecommunication device (e.g., mobile telephones, multi-modetelephones, desk telephones, IP telephones, etc.) may be of differentbrand and/or models. In an embodiment, the mobility client may be amulti-mode telecommunication device capable of operating on a pluralityof networks.

In an embodiment, the wireless communication system solution may alsowork with a single mode telecommunication device. For a single modetelecommunication device, the telecommunication device may have mobilityclient software downloaded onto the telecommunication device making thedevice a mobile-enabled telecommunication device capable of interactingwith the mobility server. In other words, even though the single modetelecommunication device is incapable of roaming between networks, thesingle mode telecommunication may still benefit from the advantagesoffered by the wireless communication system solution, such as smoothertransition between access points (if an IP telephone), a better voicequality experience, and call forwarding.

In an embodiment, the mobility client may be configured to be associatedwith a contact number such as, for example, an extension number of anenterprise's main telecommunication line. The mobility client mayinclude client functional modules, which may interact with serverfunctional modules. The client functional modules of the mobility clientmay be implemented on the application layer of the open systemsinterconnection (OSI) architecture. Accordingly, the client functionalmodules may be independent of the operating system of the mobilityclient. For example, the operating system of the mobility client may beWindows® CE, Windows® Mobile, Linux®, or Symbian®.

In an embodiment of the invention, the mobility server may includemobility server software, which may include a plurality of serverfunctional modules, such as a mobility manager server module, a callcontrol server module, a presence manager server module, a servermanagement module, a database manager module, a policy manager module, aproxy protocol server module, a PBX interface module, a resource managermodule, a data protocol/data transaction server module, a SIP stackmodule, a socket module, and a media manager module and voice qualityengine module. In an embodiment of the invention, the mobility clientmay include mobility client software, which may include a plurality ofclient functional modules, such as a user interface module, a nativeapplication module, a mobility manager client module, a call controlclient module, a presence manager client module, a proxy protocol servermodule, a data protocol/data transaction client module, a voice enginemodule, and a wrapper module. The mobility server application mayinteract with the mobility client application to handle differenttelecommunication functions, such as managing telecommunicationrequests, validating user, performing handoff between the plurality ofnetworks during roaming, modulating real-time media quality (e.g., voicequality, data transfer, etc.), and the like.

In an embodiment of the invention, the mobility server may be configuredto store network connectivity information about the mobility client. Byusing the network connectivity of the mobility client, the mobilityserver may be configured to route incoming telecommunication requests tothe mobility client. The mobility server may also be configured toestablish outgoing telecommunication requests from the mobility clientusing the network connectivity information about the mobility client.The incoming and outgoing telecommunication requests may include voiceand/or data requests.

By interacting with the mobility server, a mobility client may nowseamlessly roam among the plurality of networks (e.g., cellular network,Wi-Fi networks, PSTN, etc.) with minimal interruptions (e.g., droppedcalls, loss of voice quality, background noise, echo, etc.). Therefore,employees of the enterprise may be easily reached through mobilityclients. Thus, the enterprise may resolve its accessibility issuewithout implementing a third party solution, such as a UMA server.

Since all incoming and outgoing telecommunication requests may now berouted through an internal mobility server, the enterprise may now takecontrol of its telecommunication function. With control, the enterprisemay be able to ensure secured and legitimate access to its data.Further, with control, the enterprise may be able to increase a user'sexperience by routing telecommunication sessions through one or more ofthe available plurality of networks to prevent a disruptedtelecommunication session, to prevent data lost, and/or to minimizedegradation of data quality. In addition, with control, the enterprisemay manipulate its telecommunication usage cost by routingtelecommunication sessions through less expensive available networks.Accordingly, the enterprise now can balance cost, quality, and securitywhile providing a mobile communication system solution.

In an embodiment, a plurality of mobility servers may be deployed at aplurality of sites at the enterprise to reduce tromboning, or routingtelecommunication request back and forth. The plurality of mobilityservers may be connected through a virtual private network that ismanaged by the enterprise. The benefit of a plurality of mobilityservers may include a reduction in unnecessary telecommunication sessiondelays and inefficient use of network resource.

The features and advantages of the present invention may be betterunderstood with reference to the figures and discussions that follow.

FIG. 8 shows, in an embodiment of the invention, a telecommunicationsession being established between an external telecommunication deviceand a mobility client, which is within an enterprise. As discussedherein, a telecommunication device refers to a device that may beemployed to send media packets. Examples of telecommunication devicesinclude, but are not limited to, cellular telephones, desk telephones,multi-mode telephones, IP telephones, and the like. As discussed herein,a mobility client refers to a telecommunication device that hasinstalled mobility client application.

Consider the situation wherein, for example, an individual on anexternal telephone is trying to establish a telecommunication sessionwith an individual on a mobility client. Unlike the prior art, the userof an outside telephone 802 does not have to know multiple telephonenumbers in order to make contact with the intended receiving party ofthe telecommunication request. Instead, the user of outside telephone802 now only needs access to a single telephone number. In an example,user of outside telephone 802 dials an enterprise 800's main line and anextension number to reach the intended receiving party.

The telecommunication request by the user of outside telephone 802 maytraverse through a carrier network 860 (as illustrated by a leg 830) toconnect with a user of a mobility client 816 within enterprise 800.

Enterprise 800 may have a wireless communication system, which mayinclude at least a mobility server 818 and mobility client 816. Throughan IP network 812, such as an intranet, mobility server 818 may beconnected with a wireless local area network represented by Wi-Finetwork 814 (or access point 814). Also, through IP network 812 and aprivate branch exchange 810 (PBX 810), mobility server 818 may beconnected with carrier network 860 and/or a cellular network 862, whichin turn may be connected with external telecommunication devices, suchas outside telephone 802 that is outside a firewall 820 of enterprise800. Further, through firewall 820, mobility server 818 may be connectedwith an Internet 850, which may be connected with various othernetworks. Mobility server 818, IP network 812, firewall 820, PBX 810,and Wi-Fi network 814 are managed by enterprise 800.

As mentioned above, the wireless communication system may furtherinclude mobility client 816 that may be utilized by an employee ofenterprise 800. Mobility client 816 may be associated with a set ofcontact numbers (e.g., land line telephone number, IP address, extensionnumber, cellular telephone number, etc.), which include at least onecontact number. The method of associating mobility client 816 to a setof contact numbers may be performed by a number of methods, for example,a subscriber identity module (SIM), that is well known in the art.

In an embodiment, the telecommunication request may first be receivedinternally within enterprise 800 by PBX 810 (as shown by a leg 832). PBX810 may then route the telecommunication request through an internal IPnetwork 812 (e.g., intranet) to mobility server 818 (as shown by a leg834). In an embodiment, communication between PBX 810 and mobilityserver 818 may be packet-based communication.

In an embodiment, mobility client 816 may first register with mobilityserver 818 upon activation. In this scenario, since mobility client 816is currently located within enterprise 800, mobility client 816 hasregistered with mobility server via Wi-Fi network 814. Once mobilityserver 818 has received the registration information from mobilityclient 816 and has verified that mobility client 816 is a valid andsubscribed device, mobility server 816 may accept incoming and outgoingtelecommunication request to and from mobility client 816.

Since mobility client 816 has already registered with mobility server818 via Wi-Fi network 814, mobility server 818 knows to forward theincoming telecommunication request back through IP network 812 to reachmobility client 816 at Wi-Fi access point 814 (as shown by a leg 836).

Since the telecommunication request is routed through mobility server818, enterprise 800 may be able to manage its telecommunicationinfrastructure. For example, enterprise 800 may be able to screenincoming telecommunication request, verify and validate user's access,monitor duration of the telecommunication session, and the like.

In an embodiment, mobility server 818 is a server that manages allincoming and outgoing telecommunication sessions. In other words, mediatraffic (e.g., media packets) may be routed to mobility server 818before being forwarded to a final destination (e.g., mobility client 816or outside telephone 802). Mobility server 818 may include mobilityserver application, which may include a plurality of server functionalmodules. With mobility server application, mobility server 818 may nowmanage the enterprise's telecommunication infrastructure.

FIG. 9 illustrates, in accordance with one or more embodiments of thepresent invention, examples of server functional modules that may beimplemented in mobility server 818 of FIG. 8. Server functional modulesmay include, but are not limited to, a server management module 906, adatabase manager module 908, a policy manager module 910, a presencemanager server module 912, a PP server module 914, a PBX I/F module 918,a call control server module 920, a mobility manager server module 922,a resource manager module 924, a DP/DX server module 926, a SIP servermodule 930, a socket server module 932, and a media server and voicequality engine module 934.

Server management module 906 may be configured to provide a userinterface for managing and/or monitoring communication media traffic,users, communication services, and telecommunication devices (such asmobility client 816 of FIG. 8). The user interface may include aweb-based interface.

Database (DB) manager module 908 may be configured to manage one or moredatabases accessed by mobility server 818 while saving data and/orretrieving data. In an example, mobility server 818 may employ database908 to compare a contact number in a telecommunication request against alist of contact numbers to determine which mobility client may beassociated with the incoming contact number. Further, DB manager module908 may perform other database management tasks such as, for example,data back-up, data recovery, and database update.

Policy manager module 910 may be configured to enforce policy defined byenterprise 800. The policy may include, but are not limited to,telecommunication session privileges, ability to roam, availability ofcommunication service features, and the like.

Presence manager server module 912 may be configured to receive andstore a user's presence state from a mobility client such as mobilityclient 816 of FIG. 8 and/or a mobility manager server module 922.Examples of a user's presence state may include, but are not limited to,online, idle, busy, offline, receiving, text only, voice only, voicemessage only, and the like. The user's presence state may be viewable byother parties. The user's presence state may be employed to establishwillingness to participate in incoming telecommunication request. Thus,the user's presence state may be employed by call control server module920 to determine whether or not to establish a telecommunication sessionbetween mobility client 816 of FIG. 8 and another telecommunicationdevice.

PP server module 914 may represent a proxy protocol software forinteracting with an application server 904 (which may be external tomobility server 818) and translating between generic data applicationsacross difference platforms. Example of such generic data applicationsmay include non-voice applications such as email and instant messaging.

PBX I/F module 918, or PBX interface module 918, may be configured toenable mobility server 818 to interface with PBX 810.

Call control server module 920 may be a control plane module responsiblefor functions pertaining data communication establishment (e.g., voicecalls or audio/video/information streaming). The functions may include,but are not limited to, VoIP call processing, SIP (session initiationprotocol) proxy server and back-to-back SIP user agent (B2BUA), PSTNcall management through PSTN gateways, PBX feature management, andresource and connection management.

Mobility manager server module 922 may be configured to receive andstore connectivity information from a mobility client such as mobilityclient 816 (shown in FIG. 8) when a telecommunication session isestablished. The connectivity information may include strength ofsignals received by the mobility client. The connectivity informationmay be employed to determine when and how to connect the mobilityclient. Mobility manager server module 922 may also maintain mobilitylogic for determining whether to let the mobility client perform ahandoff

Resource manager module 924 may be configured to communicate with mediaserver and voice quality engine module 934 to determine if there issufficient resource for establishing data communication (e.g., voicecalls or audio/video/information streaming). Also, resource managermodule 924 may forward to mobility manager server module 922 status dataabout the quality of the telecommunication session received from mediaserver and voice quality engine module 934

DP/DX server module 926 may represent data protocol/data transactionfunction for secure communication between mobility server 818 andmobility client 816 of FIG. 8. For example, the secure communication mayinclude transmission of the user's presence state and the networkconnectivity information from mobility client 816 of FIG. 8 to serverpresence manager server module 912 and mobility manager server module922, respectively. The secure communication may also includetransmission of the mobility client's registration information,communication status, handoff signals, etc.

SIP server module 930 may represent a protocol message decode/encodeengine. SIP server module 930 may also performs basic protocol specifictasks such as, for example, standards based message parsing andvalidation, retransmissions, proprietary message validation, etc.

Socket server module 932 may provide an interface for communicatingbetween various modules and is typically part of the operating systemson which mobility server 818 may run. In FIG. 9, server functionalmodules shown above socket server module 932 may be configured forsignaling; the server functional module shown below server socket servermodule 932, i.e., media server and voice quality engine module 934 maybe configured for managing voice and data traffic.

Media server and voice quality engine module 934 may be configured tomonitor and handle IP packets (e.g., voice packets), decode and encodedata (e.g., voice), and encryption and decryption of secure transmissionof data. In an embodiment, media server and voice quality engine module934 may be implemented on stand-alone hardware. In an embodiment, mediaserver and voice quality engine module 934 may also be configured todetect imminent handoffs to a cellular network based on lack of arrivalof a number of consecutive IP packets.

In an embodiment, media server and voice quality engine module 934 mayinclude a transcoder. As discussed herein a transcoder refers tosoftware that can encode and/or decode data packet into different mediadata formats (e.g., GSM, G.711, G.729, etc.). In the prior art,transcoding may be performed by either a carrier-managed gateway or atelecommunication device. If the transcoding is performed by thecarrier-managed gateway, there may be inefficient use of networkresource. In an example, cellular data packet (e.g., GSM) being sent totelecommunication device in an IP network (e.g., Wi-Fi) may first haveto be converted into an IP-enabled format (e.g., G.711). Since G.711format files are of low-compression, the G.711 format files may requirea higher bandwidth. If the transcoding is performed by thetelecommunication device, which needs to have transcoding capability,the user of the telecommunication device may be burdened with theconfiguration requirements.

However, by integrating a transcoder into media server and voice qualityengine module 934, communication is not limited by media data format.Instead, mobility server may now accept different media data format andconvert the data packets into format that may be acceptable by thetelecommunication device. As a result, high compression data format maynow be more extensively employed to promote efficient utilization ofnetwork resource. In addition, the burden of transcoding is no longerthe responsibility of the telecommunication device.

Referring back to FIG. 8, mobility client 816 may include mobilityclient application, which may include a plurality of client functionalmodules, in an embodiment. Mobility client application may be downloadedonto mobility client 816 to enable mobility client 816 to manage its owntelecommunication needs. The mobility client application may bedownloaded to mobility client 816 by the user of mobility client 816through well-known media such as, for example, the Internet or opticalstorage media. In addition, the mobility client application may enablemobility client 816 to interact with mobility server 818 in order tocreate an environment that will satisfy the telecommunication needs ofuser of mobility client 816

FIG. 10 illustrates, in accordance with one or more embodiments of thepresent invention, examples of client functional modules that may bepart of mobility client application. Mobility client 816 may includeboth device specific modules and client functional modules. Devicespecific modules are operating system functional modules that may beprovided by the operating system of the mobility client 816. Operatingsystem functional modules may include a socket client module 1004, aTAPI (telephony application programming interface) module 1060, a WLAN(wireless local area network) manager module 1006, a cell data managermodule 1008, and a GUI (graphical user interface) toolkit module 1010.Client functional modules may include, but are not limited to, a userinterface module 1082, a native applications 1094, a mobility managerclient module 1096, a call control client module 1098, a presencemanager client module 1050, a PP client module 1052, a DP/DX clientmodule 1054, a wrapper module 1056, a SIP client module 1068, a voiceengine module 1070, and a XMPP (extensible messaging and presenceprotocol) parser module 1072.

User interface module 1082 may be configured to display features andconfiguration options to the user and to receive user input. Userinterface module 1082 may also be configured to interact with otherclient functional modules such as, for example, mobility manager clientmodule 1096 and call control client module 1098.

Native applications module 1094 may include applications that can takeadvantage of connectivity but will need to be agnostic of theconnectivity method used such as, for example, a CRM application ordatabase client.

Mobility manager client module 1096 may be configured to receive andevaluate current state of connectivity with information such as signalstrength data and other parameters to make handoff decisions. Criteriafor the handoff decisions may be received and stored in mobility managerclient module 1096 when mobility client 816 registers with mobilityserver 818 (shown in FIG. 8). The criteria may relate to signalstrength, channel loading, voice quality, and/or data transmissionquality.

Call control client module 1098 may be configured to interact with userinterface module 1082 and to manage outgoing and incoming data(including outgoing and incoming voice calls) of mobility client 816.For outgoing data, user interface module 1082 may provide instructionsto call control client module 1098, and then call control client module1098 may manage other client functional modules to initiate the outgoingdata. For incoming data, call control client module 1098 may instructuser interface module 1082 to inform the user of mobility client 816 ofthe incoming data. In response, through user interface 1082, the usermay provide instructions to call control client module 1098 regardingthe incoming data such as picking up or diverting an incoming call.

Presence manager client module 1050 may be configured to indicate theuser's presence state, which presence manager server module 912 ofmobility server 818 (shown in FIG. 8) may employ to manage incomingcall. The user of mobility client 816 may configure the user's presencestate using user interface module 1082. Examples of a user's presencestate may include, but are not limited to, online, idle, busy, offline,receiving, text only, voice only, voice message only, and the like.

PP client module 1052 may represent proxy protocol for communicatingwith PP server module 914 of mobility server 818 (shown in FIG. 8).

DP/DX client module 1054 may represent data protocol/data transactionfunction for secure communication with DP/DX server module 926 ofmobility server 818 (shown in FIG. 8).

Wrapper module 1056 may represent application programming interface(API) that may enable the above mentioned client functional modules ofmobility client 816 to interact with operation system functional modulessuch as, for example, telephony application interface protocol 1060(TAPI 1060) for telephony services. As mentioned above, operating systemfunctional modules are device specific modules that may pre-exist in theoperating system of mobility client 816. Wrapper module 1056 may enablethe aforementioned client functional modules to be implementedindependent of the operating system (e.g., Windows® CE, Windows® Mobile,Linux®, or Symbian®) of mobility client 816. Unlike the prior art, theclient functional modules are not dependent upon the operating systemsince the client functional modules may be implemented on theapplication layer of the OSI architecture.

In one or more embodiments, the possible client functional modules mayfurther include one or more of SIP client module 1068, voice enginemodule 1070, and XMPP parser module 1072.

SIP client module 1068 may be configured to interact with SIP servermodule 930 of mobility server 818 (shown in FIG. 8) for call signalingsuch as, for example, inviting, OK, and acknowledgement messages betweenmobility client 816 and mobility server 818 of FIG. 8.

Voice engine module 1070 may be configured to provide one or more ofencoding, decoding, echo cancellation, jitter control, and errorconcealment.

XMPP parser module 1072 may be configured to enable messaging services.

Referring back to FIG. 8, a similar type of connection may be performedby mobility server 818 when the user of mobility client 816 initiatesthe telecommunication request. The telecommunication request may firstbe sent to mobility server 818 via Wi-Fi network 814 and IP network 812.Mobility server 818 may first verify the legitimacy of the user who ismaking the telecommunication request. If the user is not a registereduser, mobility server 818 may terminate the request. If the user is aregistered user, mobility server 818 may next verify the contact number.Upon identifying the contact number as an external number, mobilityserver 818 may forward the telecommunication request to PBX 810. Uponreceiving the request, PBX 810 may dial the contact number to requestcarrier network 860 to make contact with the user at outside telephone802.

To better illustrate the scenario, FIG. 11 shows, in an embodiment, asimple call flow showing an establishment of a telecommunication requestinitiated by mobility client 816. FIG. 11 will be discussed in relationto FIGS. 8, 9, and 10.

At a first step 1100, the user of mobility client 816 may send a SIPinvite to mobility server 818. In an embodiment, to send a SIP invite,user of mobility client 816 may employ a user interface module 1082 toenter in a contact number for outside telephone 802. Once thetelecommunication request has been entered, call control client module1098 may be initiated. Call control client module 1098 may interact withmobility manager client module 1096 to determine the best method forreaching mobility server 818. Mobility manager client module 1096 maycheck the user's connectivity status and determine the network throughwhich connection may be made. In an example, since mobility client 816has registered with mobility server 818 via Wi-Fi network 814, mobilitymanager client module 1096 may determine, based on registrationinformation, that the user is currently on a Wi-Fi network and that callcontrol client module 1098 may request for a Wi-Fi connection. Sincecall control client module 1098 is aware that a Wi-Fi connection may bemade via SIP, call control client module 1098 may access SIP client(library) module 1068 via wrapper module 1056. SIP client module 1068may send a SIP invite through socket client module 1004 to mobilityserver 818.

If mobility manager 1096 determines that the user of mobility client 816has not yet registered, then the telecommunication request may be sentto TAPI module 1060 via wrapper module 1056. TAPI module 1060 may thenforward the telecommunication request through cellular network 862 toreach PBX 810. PBX 810 may then forward the telecommunication requestthrough IP network 812 to reach mobility server 818.

Note that if a user of mobility client 816 is within an enterpriseenvironment, mobility client 816 may have already automaticallyregistered with mobility server 818. The situation in which mobilityclient 816 is not registered may usually occur when a telecommunicationsession is requested while the user of mobility client 816 is outside ofenterprise 800.

Upon receiving the SIP invite, mobility server 818 may verify thecontact number. In order to perform the verification of the contactnumber, the SIP invite is forwarded to call control server module 920via socket server module 932 and SIP server module 930. Upon receivingthe contact number, call control server module 920 may interact withresource manager module 924 of mobility server 818 to confirm if thereis enough network resource (e.g., radio frequency resource, trafficchannel, etc.) for supporting the call.

In addition, call control server module 920 may then check with DBmanager module 908 to determine how the contact number should behandled. The DB manager module 908 may determine that the contactnumber, which is associated with outside telephone 802, is notregistered with mobility server 818.

Referring back to FIG. 11, at a next step 1102, call control servermodule 920 of mobility server 818 may send the SIP invite to PBX 810through PBX interface module 918. In response, at a next step 1104, PBX810 may send a ring back signal to mobility server 818, which in turnmay forward the signal to mobility client 816 so it can ring back to theuser, at a next step 1106.

In addition, at a next step 1108, PBX 810 may translate the SIP inviteto a dialing request and dial the contact number associated with outsidetelephone 802 to reach carrier network 860. At a next step 1110, carriernetwork 860 may perform the switch to forward the telecommunicationrequest to outside telephone 802.

Upon responding to the incoming telecommunication request, user ofoutside telephone 802 may pick up outside telephone 802. At a next step1112, outside telephone 802 may send a message back to carrier network860 indicating that outside telephone 802 has been picked up.

Once a connection has been established between the carrier network andoutside telephone 802, at a next step 1114, carrier network 860 may sendthe message to PBX 810. PBX 810 may then translates the message to a SIPOK message and may send the SIP OK message through PBX interface module918 to call control server module 920 of mobility server 818, at a nextstep 1116. Before forwarding the SIP OK message to mobility client 816,call control server module 920 may interact with resource manager module924 to request for resource allocation. Resource manager module 924 mayinteract with media server and voice quality engine module 934 ofmobility server 818 to determine the amount of resources that may needto be allocated. In an embodiment, resource allocation may depend uponthe telecommunication session media requirements (e.g., text, voice,video, etc.).

At a next step 1118, mobility server 818 may forward the SIP OK messageto mobility client 816. In an example, call control server module 920may forward the SIP OK message to mobility client 816 through SIP servermodule 930 and socket server module 932. At mobility client 816, thereceived SIP OK message may flow from socket client module 1004 to SIPclient module 1068 through wrappers module 1056 to call control clientmodule 1098.

Upon receiving the SIP OK message, call control client module 1098 ofmobility client 816, at a next step 1120, may send a SIP Acknowledge(SIP ACK) message to mobility server 818. The SIP ACK message may besent along the similar path as the SIP invite message. At a next step1122, call control server module 920 of mobility server 818 may send theSIP ACK message to PBX 810. At a final step 1124, a telecommunicationsession may be established between mobility client 816 and outsidetelephone 802. The telecommunication session includes two connections(i.e., leg 1126 and leg 1128). Leg 1126 may be between outside telephone802 and mobility server 818 via carrier network 860, PBX 810, and IPnetwork 812. Leg 1128 may be between mobility client 816 and mobilityserver 818 via IP network 812 and Wi-Fi network 814. With this method,all telecommunication traffic between mobility client 816 and outsidetelephone 802 are handled by mobility server 818.

Referring back to FIG. 8, a telecommunication session is active betweenthe user of outside telephone 802 and the user of mobility client 816.FIG. 12 illustrates, in accordance with one or more embodiments of thepresent invention, an example of a roaming scenario in which the user ofmobility client 816 roams from Wi-Fi network 814 to cellular network862.

During the telecommunication session, the user of mobility client 816may begin to move away from enterprise 800 (as indicated by a path 1202)and the signal level and voice quality may begin to degrade as user ofmobility client 816 moves away from Wi-Fi network 814. Also, user ofmobility client 816 may be roaming into an area that is supported bycellular network 862.

During the transition period, mobility server 818 and mobility client816 may be monitoring the signal strength received from Wi-Fi network814. In an embodiment, signal level quality may be monitored by mobilitymanager client module 1096 within mobility client 816. Mobility managerclient module 1096 may continuously share the signal level data bysending data through DP/DX client module 1054 and DP/DX server module926 to mobility manager server module 922 within mobility server 818. Asthe signal strength degrades, mobility manager server module 922 andmobility manager client module 1096 may inform call control servermodules 920 and call control client modules 1098, respectively, toexpect a new network connection. In an example, a new connection betweenmobility client 816 and cellular network 862 may be established. In anembodiment, the current connection between mobility client 816 and Wi-Finetwork 814 may be maintained for a temporary period of time until ahandoff has occurred.

Once the signal strength of Wi-Fi network 814 has degraded below apre-defined threshold that may be established by enterprise 800, theconnection with Wi-Fi network 814 may be dropped and cellular network862 may replace Wi-Fi network 814 as the primary network. The mediatraffic may now flow from outside telephone 802 to carrier network 860(leg 830) to PBX 810 (leg 832). PBX 810 may then forward the mediatraffic to mobility server 818 through IP network 812 (leg 834).Mobility server 818 may then forward the media traffic through IPnetwork 812 to PBX 810 (a leg 1204) to carrier network 860 (a leg 1206).From carrier network 860, the media traffic may be forwarded to cellularnetwork 862 (a leg 1208) to arrive at mobility client 816 (a leg 1210).

FIG. 13 illustrates, in an embodiment of the present invention, a callflow for the roaming scenario of FIG. 12. An established connection 1302between outside telephone 802 and mobility client 816 via mobilityserver 818 may exist. Established connection 1302 may include two legs1304 and 1306. Leg 1304 is associated with the connection betweenoutside telephone 802 and mobility server 818. In an example, outsidetelephone 802 may be connected to mobility server 818 via carriernetwork 860 and PBX 810. Leg 1306 may be associated with the connectionbetween mobility client 816 and mobility server 818. In an example,mobility client 816 may be connected to mobility server 818 via Wi-Finetwork 814.

At a next step 1308, data about the connectivity status of mobilityclient 816 may be continuously communicated to mobility server 818. Asthe user of mobility client 816 begins to roam away from Wi-Fi network814, at a point 1310, one or more criteria for handoff are met, and atleast one of mobility client 816 and mobility server 818 may determinethat a handoff need to be perform. The one or more criteria may beconfigured by enterprise 800 and may be stored in mobility client 816and/or mobility server 818. The criteria may include, but are notlimited to, signal strength, channel loading, and/quality ofcommunication.

At a next step 1312, mobility server 818 may initiate a handoff bysetting up a connection with PBX 810. In preparation for the handoff,mobility server 818 may also begin buffering the incoming media packetsfrom mobility client 816 and outside telephone 802. Buffering may occurin anticipation of packets not being received by either party. Duringthe transition period, legs 1304 and 1306 of established connection 1302are still being maintained and media packets are still being sent to thetwo parties (i.e., mobility client 816 and outside telephone 802).

At a next step 1314, mobility server 818 may send a SIP invite messageto PBX 810. The SIP invite message includes a cellular number that isassociated with mobility client 816. At a next step 1316, PBX 810 maytranslate the SIP invite message into a cellular call to cellularnetwork 862. At a next step 1318, PBX 810 may send a ring tone back tomobility server 818.

At a next step 1320, cellular network may connect with mobility client816. At this point, two connections have been established betweenmobility client 816 and mobility server 818. To notify mobility server818 that a second connection has been established through cellularnetwork 862, mobility client 816 may send a signal each through eachnetwork connection (i.e., cellular network and Wi-Fi network), in anembodiment. Two signals may be sent, in an embodiment, to ensure thatmobility server 818 receives the request to switch in a timely manner.In an example, mobility client 816 may send a first signal (path 1322)through the Wi-Fi connection and a second signal through the cellularnetwork to mobility server 818 (path 1324). In response, mobility server818 may send mobility client 816 an acknowledgement through both networkconnections.

The switch to the new cellular connection may be performed by eithermobility server 818 and/or mobility client 816, in an embodiment (point1326). Accordingly, connection between mobility client 816 and outsidetelephone 802 is now through a cellular network instead of a Wi-Finetwork. In an embodiment, a new connection 1328 between outsidetelephone 802 and mobility client 816 may be established. New connection1328 may include existing leg 1304 and a newly created leg 1330 throughcellular network 862. After new connection 1328 has been established,mobility server 818 may disconnect mobility client 816 from Wi-Finetwork 814, in an embodiment. In another embodiment, mobility client816 may be disconnected from Wi-Fi network 814 while new connection 1328is being established.

FIGS. 12 and 13 show that a handoff from a Wi-Fi network to a cellularnetwork may occur seamlessly to both the user of mobility client 816 andthe user of outside telephone 802. Despite the complex steps that may beoccurring to switch the user of mobility client 816 to a betterconnection, the user of mobility client 816 may only be aware of anetwork change when mobility client 816 displays a message on userinterface module 1082 to notify the user that a new connection has beingmade. For all general purpose, the switch from the Wi-Fi network to thecellular network is a seamless transition that does not negativelyimpact the two calling parties' telecommunication experience.

Similarly, switching may occur when the user of mobility client 816roams from a cellular network back into Wi-Fi environment 814 as shownin FIGS. 14A and 14B.

FIG. 14A illustrates, in accordance with one or more embodiments of thepresent invention, an example of a call roaming scenario in which theuser of mobility client 816 roams from cellular network 862 back intoWi-Fi network 814. Consider the situation wherein, for example, mobilityclient 816 in FIG. 12, who is currently communicating with outsidetelephone 802 via cellular network 862 (through the PBX 810), has roamedback into enterprise's Wi-Fi network 814 (a path 1490). As mobilityclient 816 roams from cellular network 862 to Wi-Fi network 814,mobility client 816 may begin registering with mobility server 818through Wi-Fi network 814. Registration packet may be sent from mobilityclient 816 via Wi-Fi network 814 through IP network 812 to reachmobility server 818.

Once registration has completed, and one or more criteria for handoffhas been met (e.g., signal strength, channel loading, and/quality ofcommunication), handoff may begin. Mobility client 816 may send twosignals to mobility server 818 indicating his ready state. As mentionedabove, a signal is sent over each available network to ensure thatmobility server 818 receives the signal in a timely manner.

Upon receiving one of the signals, mobility server 818 may switchmobility client to Wi-Fi network 814. In another embodiment, mobilityclient 816 may perform the switch and then notify mobility server 818.

Once a connection has been established between mobility client 816 andmobility server 818 through Wi-Fi network 814, the cellular connectionmay be disconnected. In an embodiment, mobility server 818 may send adisconnect message to PBX 810. PBX 810 may then send a command tocellular network 862 to end the connection.

The media traffic may now flow from outside telephone 802 to carriernetwork 860 (leg 830) to PBX 810 (leg 832). PBX 810 may then forward themedia traffic to mobility server 818 through IP network 812 (leg 834).Mobility server 818 may then forward the media traffic through IPnetwork 812 to Wi-Fi network 814 to mobility client 816 (leg 1492).

FIG. 14B illustrates, in an embodiment of the present invention, a callflow that provides the steps for the handoff that may occur. Anestablished connection 1402 between outside telephone 802 and mobilityclient 816 via mobility server 818 may exist. Established connection1402 may include two legs 1404 and 1406. Leg 1404 is associated with theconnection between outside telephone 802 and mobility server 818. In anexample, outside telephone 802 may be connected to mobility server 818via carrier network 860 and PBX 810. Leg 1406 may be associated with theconnection between mobility client 816 and mobility server 818. In anexample, mobility client 816 may be connected to mobility server 818 viacellular network 862 and PBX 810.

The user of mobility client 816 may roam from a cellular network backinto a Wi-Fi network (e.g., Wi-Fi network 814) within enterprise 800. Ata next step 1408, mobility client 816 may register with mobility server818 through Wi-Fi network 814. During the registration process,authentication of mobility client 816 (including user identity) may beperformed for security consideration. In addition, information forperforming a handoff may be exchanged between mobility client 816 andmobility server 818.

At a next step 1410, one or more criteria for handoff are met, and atleast one of mobility client 816 and mobility server 818 may determinethat a handoff needs to be performed. As mentioned above, the on or morecriteria (e.g., signal strength, channel loading, and/quality ofcommunication) may be configured by enterprise 800 and may be stored inmobility client 816 and/or mobility server 818.

At a next step 1412, at least one of mobility server 818 and mobilityclient 816 may determine that the current telecommunication sessionbetween the user of mobility client 816 and outside telephone 802 may bebest continue over the connection with Wi-Fi network 814 instead of overthe connection with cellular network 862.

At a next step 1414, mobility server 818 may send a SIP invite messageto mobility client 816. In response, at a next step 1416, mobilityclient 816 may send a SIP OK message back to mobility server 818.

At a next step 1418, at least one of mobility server 818 and mobilityclient 816 may execute the switch from cellular network 862 to Wi-Finetwork 814 such that the handoff may be completed. Accordingly, aconnection 1420 between mobility client 816 and mobility server 818through Wi-Fi network 814 may be established.

At a next step 1422, mobility server 818 may send a disconnect messageto cellular network 862 to drop the connection between cellular network862 and mobility client 816. In an embodiment, mobility server 818 maysend a disconnect message to PBX 810. PBX 810 may translate thedisconnect message and send a command to cellular network 862 todiscontinue cellular connection 1406.

After the roaming transition has been completed, a connection 1424 maybe established between outside telephone 802 and mobility client 816. Ascan be seen, connection 1424 includes leg 1404 and a leg 1424. Asaforementioned, leg 1404 is the leg between outside telephone 802 andmobility server 818. Despite the roaming that may have occurred, leg1404 is not impacted. In regard to leg 1424, this leg replaces leg 1406and represents the new connection between mobility client 816 andmobility server 818 through Wi-Fi network 814.

Similarly, switching may occur when the user of mobility client 816roams from a cellular network into a hotspot Wi-Fi environment (e.g., acoffee shop) as shown in FIGS. 15A and 15B.

FIG. 15A illustrates, in accordance with one or more embodiments of thepresent invention, an example of a call roaming scenario in which theuser of mobility client 816 roams from cellular network 862 into ahotspot Wi-Fi network 1502.

Consider the situation wherein, for example, mobility client 816 in FIG.12, who is currently communicating with outside telephone 802 viacellular network 862, has roamed into hotspot Wi-Fi hotspot 1502 (a path1504). As mobility client 816 roams from cellular network 862 to a Wi-Finetwork 1506, mobility client 816 may begin registering with mobilityserver 818 through Wi-Fi network 1506. Registration packet may be sentfrom mobility client 816 via Wi-Fi network 1506 through Internet 850,firewall 820, and IP network 812 to reach mobility server 818.

Once registration has completed and one or more criteria for handoff hasbeen met (e.g., signal strength, channel loading, and/quality ofcommunication), handoff may begin. Mobility client 816 may send twosignals to mobility server 818 indicating his ready state. As mentionedabove, a signal is sent over each available network to ensure thatmobility server 818 receives the signal in a timely manner.

Upon receiving one of the signals, mobility server 818 may switchmobility client to Wi-Fi network 1506. In another embodiment, mobilityclient 816 may perform the switch and then notify mobility server 818.

Once a connection has been established between mobility client 816 andmobility server 818 through Wi-Fi network 1506, the cellular connectionmay be disconnected. In an embodiment, mobility server 818 may send adisconnect message to PBX 810. PBX 810 may send a command to cellularnetwork 862 to end the connection.

The media traffic may now flow from outside telephone 802 to carriernetwork 860 (leg 830) to PBX 810 (leg 832). PBX 810 may then forward themedia traffic to mobility server 818 through IP network 812 (leg 834).Mobility server 818 may then forward the media traffic through IPnetwork 812, firewall 820, Internet 850 to Wi-Fi network 1506 tomobility client 816 (leg 1508).

FIG. 15B illustrates, in an embodiment of the present invention, a callflow that provides the steps for the handoff that may occur. Similar toFIG. 14B, an established connection 1522 may exist between outsidetelephone 802 and mobility client 816 via mobility server 818.Established connection 1522 may include two legs 1524 (i.e., thecellular connection between outside telephone 802 and mobility server818) and 1526 (i.e., cellular connection between mobility client 816 andmobility server 818).

As the user of mobility client 816 roams into a Wi-Fi network 1506, at anext step 1528, mobility client 816 will identify if there is a FW(firewall) or a NAT (network address translation) device between itsconnection point and the mobility server 818, Once the connectivitymethod has been identified it may register with mobility server 818through Wi-Fi 1506. After registration and authentication has beenperformed, at a next step 1530, one or more criteria (e.g., signalstrength, channel loading, and/quality of communication) for handoff maybe met and a handoff may be determined by mobility client 816 and/ormobility server 818. At a next step 1532, handoff may begin.

At a next step 1534, mobility server 818 may send a SIP invite messageto mobility client 816 at Wi-Fi network 1506 via IP network 812,firewall 820, and Internet 850. In response, at a next step 1536,mobility client 816 at Wi-Fi network 1506 may send a SIP OK message backto mobility server 818 via Internet 850, firewall 820, and IP network812.

At a next step 1538, a switch may be executed to move the media trafficfrom cellular network 862 to Wi-Fi network 1506 to complete the handoffand establish a connection 1540 between mobility client 816 and mobilityserver 818 through Wi-Fi network 1506.

At a next step 1542, mobility server 818 may send a disconnect messageto PBX 810. PBX 810 may translate the disconnect message and send acommand to cellular network 862 to discontinue cellular connection 1526.

After the roaming transition has been completed, a connection 1544 maybe established between outside telephone 802 and mobility client 816. Ascan be seen, connection 1544 includes leg 1524 (i.e., leg betweenoutside telephone 802 and mobility server 818) and leg 1540 (i.e., newleg between mobility client 816 and mobility server 818 through Wi-Fi1506).

FIGS. 14A, 14B, 15A, and 15B show that with a wireless communicationsystem solution, enterprise 800 may control when a handoff from a moreexpensive cellular network to a less expensive IP network (e.g., Wi-Fi)may occur. In the prior art, enterprise 800 may have been dependent upona cellular network to make the decision for a switch. Enterprise 800generally has little or no control over when the switch may happen. As aresult, enterprise 800 may not have being given the chance to takeadvantage of the full cost saving benefits that may have occurred with aswitch to a less expensive network.

Similar to a switch from a Wi-Fi network to a cellular network, ahandoff that may occur from a cellular network to a Wi-Fi network mayoccur seamless to the user of mobility client 816 and the user ofoutside telephone 802. Neither parties may be aware of the steps beingtaken to switch the user of mobility client 816, whose connection may bedegrading, to a network that may not only be cheaper but may alsoprevent disruption in the telecommunication session between user ofmobility client 816 and outside telephone 802.

FIG. 16A illustrates, in accordance with one or more embodiments of thepresent invention, a call establishment between two mobility clients.Mobility client 816 may want to connect with a mobility client 1602.Both mobility clients 816 and 1602 are located within enterprise 800.The telecommunication request from mobility client 816 may be routedthrough Wi-Fi network 814 and IP network 812 to mobility server 818 (aleg 1604). After validating the mobility client 816, mobility server 818may identify that the receiving party of the telecommunication request(mobility client 1602) is a registered device. Mobility server 818 maythen route the telecommunication request to mobility client 1602 throughIP network 812 and a Wi-Fi network 1608 (a leg 1606) to establish atelecommunication session between mobility client 816 and mobilityclient 1602.

FIG. 16B illustrates, in an embodiment of the invention, a call flow forFIG. 16A. At a first step 1622, mobility client 816 may send a SIPinvite message to mobility server 818 via Wi-Fi network 814 and IPnetwork 812.

In an embodiment, to send a SIP invite, user of mobility client 816 mayemploy a user interface module 1082 to enter in a contact number formobility client 1602. Once the telecommunication request has beenentered, call control client module 1098 may be initiated.

Since call control client module 1098 is aware that a Wi-Fi connectionmay be made via SIP, call control client module 1098 may access SIPclient module 1068 via wrapper module 1056. SIP client module 1068 maysend a SIP invite through socket client module 1004 to mobility server818.

Upon receiving the SIP invite, mobility server 818 may verify thecontact number. In order to perform the verification of the contactnumber, the SIP invite is forwarded to call control server module 920via socket server module 932 and SIP server module 930. Upon receivingthe SIP invite, call control server module 920 may interact withresource manager module 924 of mobility server 818 to confirm ifsufficient network resource for supporting the telecommunication requestis available. Since the receiving party is also a registered device,call control server module 930 may check with presence manager servermodule 912 to determine the status of mobility client 1602. By checkingwith presence manager module call control module 930 may be able tobetter direct the outgoing telecommunication request.

If the presence manager server module 912 indicates that the user ofmobility client 1602 is accepting telecommunication request, then callcontrol server module 930 may direct the call to mobility client viaWi-Fi network 1608 and IP network 812, at a next step 1624. In anexample, mobility client 1602 may ring.

At mobility client 1602, the received SIP invite message may flow fromsocket client module 1004 to SIP client module 1068 through wrappersmodule 1056 to call control client module 1098.

Upon receiving the SIP invite message, call control client module 1098of mobility client 816, at a next step 1626, may accept thetelecommunication request (e.g., answer the telephone call) by sending aSIP OK message to mobility server 818 via Wi-Fi network 1608 and IPnetwork 812. At mobility server 818, the received SIP OK message mayflow from socket server module 932 to SIP server module 930 up to callcontrol server module 920.

At a next step 1628, mobility server 818 may forward the SIP OK messageto mobility client 816 via Wi-Fi network 814 and IP network 812. Atmobility client 816, the received SIP OK message may flow from socketserver module 932 to SIP server module 930 up to call control servermodule 920. In response, at a next step 1630, mobility client 816 viaWi-Fi network 814 and IP network 812 may send mobility server 818 a SIPacknowledge (SIP ACK) message to acknowledge receipt of the SIP OKmessage.

At a next step 1632, mobility server 818 may forward the SIP ACK messageto mobility client 1602 via Wi-Fi network 1608 and IP network 812. OnceSIP ACK has been received then mobility server 818 may connect a leg1636 (i.e., connection between mobility client 816 and mobility server818 via Wi-Fi network 814 and IP network 812) with a leg 1638 (i.e.,connection between mobility client 1602 and mobility server 818 viaWi-Fi network 1608 and IP network 812) to form a new connection 1634.

In an embodiment, to increase efficiency in moving media traffic, atranscoder may be integrated into a mobility server. In the prior art,the transcoder may be performed by either a carrier-managed gateway orby a telecommunication device. To facilitate discussion, FIG. 17 show aprior art block diagram of a transcoder within a carrier-managedgateway.

Consider the situation wherein, for example, a cellular telephone may becommunicating with a mobility client. When a cellular telephone 1701communicates with mobility client 116 through cellular network 162 andWi-Fi network 114, the media data may be transcoded by a transcoder 1749of a carrier-managed gateway 1799. Accordingly, cellular phone 1701 maytransmit and receive media data in a cellular network standardizedformat (e.g., GSM on a leg 1771), and mobility client 116 may transmitand receive media data in a wireless LAN standardized format, (e.g.,G.711 on a leg 1791), such that both of cellular phone 1701 and mobilityclient 116 may encode and/or decode media data correctly.

Carrier-managed gateway 1799 is generally located within the carrierpremise (e.g., in the premise carrier network 160 or cellular network162). Therefore, a link 1789 between carrier-managed gateway 1799 and IPnetwork 112 may represent a substantial part of overall networkresource. As such, efficient use of link 1789 may be important. However,G.711 is a low-compression (i.e., high data size) transcoding standardcompared with GSM. With transcoding performed by carrier-managed gateway1799 and the media data in G.711 format transmitted on link 1789, link1789 may be inefficiently utilized.

Consider another the situation wherein, for example, an IPtelecommunication device may be communicating with a mobility client.When an IP device 1703 communicates with mobility client 116 throughInternet 150, IP network 112, and Wi-Fi network 114, IP device 1703 mayhave to use G.711 format with high bandwidth to communicate withwireless LAN mobility client 116 which generally utilizes G.711 format,even if the IP device 1703 has the capability to use G.729 format withlow bandwidth. In other words, in order for an IP device to communicatewith a mobile device, the media packets that are sent from the IP devicemust be in a standard (e.g., G.711) that is acceptable to the mobiledevice. Thus, even though the IP device is capable of transmitting mediapackets in a high compression format, the IP device is not able to takeadvantage of the capability since the mobile device is unable to receivethe high compression file. As a result, more bandwidth may be requiredto transmit media packets between IP device 1703 and mobility client116.

Further, the requirement for IP device 1703 to send media packets in alow compression format (e.g., G.711) may require the user of IP device1703 to configure transcoder 1743 such that transcoder 1743 may performthe transcoding correctly. This may prove an inconvenience for the user,especially if the user is not “tech-savvy”. Further, if IP device 1703is unable to perform the transcoding, IP device 1703 may not be able tocommunicate with mobility client 116.

The prior art method of placing a transcoder within a carrier-managedgateway and/or a telecommunication device may limit the type oftelecommunication device that may be purchased. In addition, the routingdata packet in low-compression format may result in a burden to thenetwork traffic, resulting in higher cost and even slower traffic.

In an embodiment, a transcoder may be placed within the enterprise(e.g., mobility server) to handle multiple types of media data format.FIG. 18 shows, in an embodiment, a block diagram illustrating anarrangement for transcoding.

A transcoder 1858 may be implemented in media server and voice qualityengine 934 of mobility server 118. Accordingly, communication betweencellular phone 1701 and mobility client 116 may be represented by a leg1872 in GSM format and a leg 1892 in G.711 format, with trancodingperformed by transcoder 1858. As such, media data transmitted on link1789 may now be in a high-compression format, such as GSM, instead of alow-compression format, such as G.711. As a result, network resource maybe more efficiently used.

Further, communication between IP device 1703 and mobility client 116may be represented by a leg 1882 in G.729 format and leg 1892 in G.711format, with transcoding performed by transcoder 1858. As such, the userof IP device 1703 may now send high compression media packets, resultingin less costly bandwidth to be utilized. Thus, the user of IP device1703 may no longer be required to configure his telecommunication deviceto perform transcoding. As a result, the type of telecommunicationdevices that may be purchased is no longer limited to only thosetelecommunication devices that have transcoding capability.

As can be appreciated from the forgoing, one or more embodiments of thepresent invention provide a wireless communication system that employs amultiple network arrangement that can be managed by an enterprise tosatisfy its infrastructure need. Also, the wireless communication systemgives an enterprise the flexibility to create, implement, manage, andenforce its own communication policy. Further, the wirelesscommunication system reduces the cost associated with changes toequipments (e.g., network equipments and telecommunication devices) bybeing independent of operating system, brands, and/or models. Furthercost saving is also available because with the wireless communicationsystem, an enterprise may tailor the mobility server to take advantageof the lower cost networks when the lower cost networks are available.

One or more embodiments may enable seamless roaming and smooth handoffamong the multiple mobile/wireless networks. Therefore, the enterprise'semployees may have substantially ubiquitous connectivity andaccessibility. As a result, the enterprise may improve customersatisfaction and avoid missed business opportunities.

One or more embodiments may provide mobility server software and clientsoftware that are implemented independent of operating systems andhardware. Therefore, costs of switching carriers and changingcommunication arrangements may be minimized.

Further, one or more embodiments may include multiple mobility serversconnected through a virtual private network and deployed at multiplesites of the enterprise such as, for example, multiple internationalsites. Accordingly, use of network resource may be optimized, and costof communication may be reduced.

B. ENHANCING USER EXPERIENCE IN MEDIA HANDOFFS

FIGS. 4A-E depict a structure and method for fast media handoff betweenWi-Fi and cellular networks

1. The invention provides a mechanism to seamlessly switch mediaconnection between enterprise controlled indoor or outdoor Wi-Fi tooperator controlled cellular network. The mechanism will compensate fordiffering loss characteristics on disparate networks and deliver costsavings to the subscribers.

2. VQE Design Considerations:

The criteria for successful voice handoffs within homogeneous andheterogeneous networks include: handoff times; and voice quality.

The performance of the voice handoff for acceptable user experience isdetermined by several factors such as codecs, the number oftranscodings, jitter, stream switching impact as well as the end-to-enddelay including cellular/Wi-Fi delay differential. Some of theseparameters that pose unique challenges for heterogeneous handoffs andare discussed in detail below.

3. Codecs and Transcoding

The G.711, G.729, GSM, and new UMTS codecs are some of the common voicetransuding standards. The overall performance is affected not only bythe bandwidth requirement of the coding but also the transcoding delayon a given MAC layer as well as the number of transcodings in theend-to-end call.

4. End-to-End Delays and Echo The tail end delay for the cellularnetwork can be 300-500 ms for the tail path which causes echoes. Toaccount for acoustic echoes at the handset, carriers limit the volumelevel of the mobile user. Such reduction creates a scenario where thecellular subscribers may not be able to hear the PSTN-side of the call.Note that this effect is outside the control of the enterprise andvolume differences can exist due to the way the cellular networksimplement their voice networks.

Traditional echo cancellers are limited to 128 ms tail lengths, largelydue to the cost. Processing delays in the tail circuit (between the MSCand the handset) of a mobile system will result in tail lengthsapproaching 300 ms. Because of the unpredictability of the handset'sAcoustic echo return loss (AERL) capabilities and the variability of thecaller environment, it is impractical to place a canceller in thecircuit only when conditions require it. For delays in the enterpriseWi-Fi network to the PSTN, the following depicts the scenario and thedelay budget which is approximately 125 ms.

5. Switching media stream connections

Switching both the codecs as well as the streams increases the delaymore than just reconnecting the streams, but by using G.711 throughout,the codec changes are eliminated.

6. Using silence and old packets

To compensate for delay differential during handoff, it is recommendedto use pre-stored silence packets. Auto-correlation of two streamstogether with silence packet insertion would help in smoothertransition. Layer Item Duration L2 802.11 scan (active) 40-300 ms L2802.11 associate/reassociate 2 L3 DHCP V4 Discover to offer 10-20 msFull (through ARP) 1000 ms L4/L7 Address change pre-processing 10-50 msMedia reassociation 30-50 ms

The above table shows a minimal set of procedures to address thehandoffs. The majority of the handoff can be assigned to the scan of theavailable access points. The time may be longer if passive scanning isused. After the scanning is eliminated, then by issuing addressallocation and pre-processing and then SIP messages at the offer insteadof waiting for the full DHCP process to complete, reduces the DHCPimpact to 10 ms. The address preprocessing must be issued first followedby the SIP requests to ensure that any change in the IP address andsubsequent impact on the NAT and traffic flow. The use of addresspreprocessing for acquisition is needed if the handoff occurs behind aNAT and a new IP address is assigned. For example, this requiresnotification to the preprocessing server to re-allocate new address andports for new session identification. Then the SIP based re-associationcan be issued to redirect the traffic. After these control messages, thetraffic is redirected either by a proxy or by the end-device to the newIP address. This would require 30-35 ms from association to thecompletion.

Features and advantages of the present invention may be betterunderstood with reference to the figures and discussions that follow.

An issue facing users in the prior art relates to user experience duringhandoffs in wireless communication. When a telecommunication deviceperforms a handoff between transmitters, both transmitters may besimultaneously sending data streams. However, the media data streams maynot be synchronized. In one example, a gap may exist. In anotherexample, the media data stream may overlap. As a result, the two partieson the telecommunication session may experience silence, noises,glitches, and/or echoes (e.g., choppy speech in a voice call orinterrupted viewing of streaming video).

Prior art FIG. 43 illustrates an example of an arrangement forprocessing media data during handoffs in wireless communication.Consider the situation wherein, for example, a user of a mobiletelecommunication device 4316 is conversing with a user of an outsidetelephone 4302. During the telecommunication session, the user of mobiletelecommunication device 4316 may wander away from a Wi-Fi network 4314toward a cellular network 4362, resulting in a handoff between the twonetworks. During the handoff, a server 4398 may be employed to processthe media data streams that may be sent by the mobile telecommunicationdevice. In an example, first media data stream 4350 may be transmittedfrom Wi-Fi network 4314 and second media data stream 4304 may be comingfrom cellular network 4362. In addition the server may include a mutemodule 4390 configured to mask noises and media data during the handoff.

Prior art FIGS. 44A and 44B illustrate a prior art example of methodsfor processing media data streams during handoffs in wirelesscommunication. Prior art FIGS. 44A and 44B will be discussed in relationto prior art FIG. 43.

Prior art FIG. 44A illustrates a handoff scenario in which a gap mayexist in the media data streams that are being sent by the two networks.A view 4400 includes a graphical view of media data streams 4302 and4304. During a handoff period 4406, a gap 4410 may exist. Gap 4410 mayrepresent a time interval in which neither first media data stream 4350nor second media data stream 4304 is active. In an example, the signallevel from Wi-Fi network 4314 may have become weak and may be unable totransmit first media data stream 4302. Also, the connectivity may stillbe weak with cellular network 4362, thus second media data stream 4304may not be transmitted yet. As a result, the telecommunication sessionmay appear as though the connectivity between the two parties may havebeen lost. In addition, random noises (e.g., static noise) may becomeannoyingly obvious to the parties in the telecommunication session.

A prior art solution that has been implemented to handle the gap is toemploy mute module 4390. In an example, mute module 4390 may provide amask 4408 to mask gap 4410 during handoff 4406 to mute the noises. Mask4408 may include silence data packets that provide low, pre-recordedbackground noise such that the parties in the telecommunication sessionare aware that the telecommunication session has not been dropped.Further, mask 4408 may also shield the parties in the telecommunicationsession from the random noises. Unfortunately, the muting method stillpresents an obvious interruption in the telecommunication session.Further, the parties involved in the telecommunication session may beunsure about the length of the interruption. As a result, the mutingmethod does not provide a seamless transition to the parties involved.

Prior art FIG. 44B illustrates a handoff scenario in which an overlapmay exist between the media data streams that are being sent by the twonetworks. A view 4450 includes a graphical view of media data streams4302 and 4304. During a handoff period 4416, an overlap 4420 may existbetween first media data stream 4350 and second media data stream 4304.Overlap 4420 may represent a time interval in which both media datastream 4350 and media data stream 4304 are active.

In an example, the signal level from Wi-Fi network 4314 may still bestrong enough to transmit media data stream 4302. At the same time, thesignal strength from cellular network 4362 has also become strongresulting in media data stream 4304 being transmitted. During overlap4420, because of cancellation and accumulation of signals, the partiesin the telecommunication session may experience dissatisfactorycommunication quality such as silence, noises, glitches, and/or echoes.

In the prior art, the muting method may be employed to handle theoverlap. In an example, mute module 4390 may be employed to provide amask 4418 to mask overlap 4420 during handoff 4416 to mute the noises,glitches, and/or echoes. Again, the muting method presents an obviousinterruption in the telecommunication session and the parties involvedin the telecommunication session may be unsure about the length of theinterruption. Thus, the muting method does not provide a smooth andseamless transition to the parties involved.

Another method that may be implemented in the prior art to handleoverlap 4420 is to employ a mixer, such as those used in conferencecall. In other words, the mixer may mix the overlapped portions of firstmedia data stream 4350 and of second media data stream 4304 duringhandoff 4416. Although the users of both telecommunication devices mayreceive data from both first media data 4302 and second media data 4304,the users may experience reverberation and glitches caused, for example,by transmission delay or acoustic delay. Further, noises may also bemixed with data from first media data 4302 and second media data 4304.As a result, the quality of the telecommunication session maydeteriorate during handoff 4416.

Another user experience issue in the prior art pertains to anundesirable change in signal level during handoffs in wirelesscommunication. The change in signal level may occur when atelecommunication device is being transferred from one network toanother. In an example, in order to reduce echoes, cellular network 4362may be configured to provide a voice signal gain that is lower than thevoice signal gain typically implemented in a wireless LAN network. Asillustrated in FIGS. 44A and 44B, the signal level of second media datastream 4304 (transmitted through cellular network 4362) is lower thanthe signal level of first media data stream 4350 (transmitted throughWi-Fi network 4314).

When mobile telecommunication device 4316 performs a handoff from Wi-Finetwork 4314 to cellular network 4362, the user of mobiletelecommunication device 4316 may experience a drop in voice volume. Asa result, the user may miss a portion of the conversation and may havethe inconvenience of re-adjusting the speaker of mobiletelecommunication device 4316 during the telephone call.

On the other hand, when mobile telecommunication device 4316 performs ahandoff from cellular network 4362 to Wi-Fi network 4314, the user mayexperience an increase in voice volume, resulting in an unexpected andeven unpleasant experience. As a result, the user may not onlyexperience discomfort but may also have the inconvenience ofre-adjusting the speaker of the telecommunication device.

In accordance with embodiments of the present invention, there isprovided a wireless communication system solution that may enhance thetelecommunication experience of a user of a telecommunication devicewhen a handoff occurs. Embodiments of the invention enable the wirelesscommunication system to provide an integrated solution by including amobility server. Embodiments of the invention enable the mobility serverto include at least one of a buffer system, a cross-correlation module,a synthesizer module, an extension module, an overlap and add module,and a signal level control module.

In this document, various implementations may be discussed usingexamples of handoff occurring between networks. This invention, however,is not limited to a handoff between networks but may also includehandoff within the same network. Also, in this document, variousimplementations may be discussed using examples of voice media. Thisinvention, however, is not limited to voice media and may includedifferent real-time media, such as video streaming, audio streaming, andthe like. The discussions are meant as examples and the invention is notlimited by the examples presented.

Consider the situation wherein, for example, a handoff is occurringbetween a Wi-Fi network and a cellular network. During the handoff, auser of a mobility client may be sending media streams through the twodifferent connections. In an embodiment of the invention, the mobilityserver may include a buffer system, which may be configured to bufferthe media data streams (e.g., audio or video data packets) that may bereceived by the mobility system during the handoff period. With thebuffer system, the mobility server may be able to prevent incoming mediadata streams from being forwarded to the destination device until themobility server has an opportunity to modulate the media data streams.

In an embodiment of the invention, the mobility server may also includea cross-correlation module. With the cross-correlation module, themobility server may handle overlap of media data streams that may occurduring a handoff. In an embodiment, with an overlap, thecross-correlation module may perform auto-correlation to determine asubstantial match between the first media data set of packets and thesecond media data set of packets. Set of packets may include at leastone or more packets.

Once the match has been determined, in an embodiment, thecross-correlation module may generate a cross-correlated media data setof packets by including a section of the first media data set of packetsand the second set of media data packets. In an example, the end sectionof a first media data set of packets, which may be coming through aWi-Fi network connection, and a head section of a second media data setof packets, which may be coming through a cellular network, may becombined to generate the cross-correlated media data set of packets.

By employing a cross-correlated module and an overlap and add module,the mobility server may create a transition media data set of packetsthat may provide the user of the destination device with a positivetelecommunication experience by minimizing or removing the problemsrelated to overlap of media streams, such as echo and noises.

In an embodiment, a mobility server may also include a synthesizermodule, which may be employed to handle gap that may exist between twomedia data streams. With a synthesizer module, the mobility server maymodel a section of a buffered first media data set of packets to coverthe gap that may exist between the first and second media data streamsduring a handoff. In an example, a gap (i.e., time interval) may existbetween the receipt of the first media data set of packets from a Wi-Finetwork and a second media data set of packets from a cellular network.In an embodiment, to handle the gap, the mobility server may employ asynthesizer module to synthesize a section of the first media data setof packets to generate a synthesized media data set of packets.

In an embodiment, a mobility server may also include an extensionmodule, which may also be employed to handle gap that may exist betweentwo media data streams. With an extension module, the mobility servermay extend a section of a media data set of packets to create a newextended media data set of packets. In an embodiment, a silence set ofpackets may be (periodically) inserted between data packets of at leasta section of the first media data set of packets.

In an embodiment, the extension module may be employed with thesynthesizer module to handle the gap. In an example, the mobility servermay first employ the synthesizer module to synthesize the first mediadata set of packets. However, if the gap is too large, then the mobilityserver may also employ the extension module to extend a section of thefirst media data set of packets.

In an embodiment of the invention, the mobility server may include anoverlap and add module configured to generate a transition media dataset of packet, which may include at least one of the cross-correlatedmedia data set of packets, the synthesized media data set of datapackets, and the extended media data set of packets to modify an overlapof media data or to fill a gap between media data in the handoff. Theoverlap and add module may also execute one or more well-known patternmatching algorithms to smooth the modification of the media data stream.

In an embodiment, the mobility system may also include a signal levelcontrol module configured to adjust the signal level of a transitionmedia data set of packets. The transition media data set may include atleast one of the cross-correlated media data set of packets, thesynthesized media data set of packets, and the extended media data setof packets. The transition media data set of packets may further includedata packets that the mobility system may receive through the newconnection (e.g., cellular network) after the handoff. The signal levelmay be adjusted to approximate the signal level of the first media dataset of packets. As a result, the unexpected and unpleasant change invoice volume may be substantially eliminated enabling the user of themobile telecommunication device, such as a mobility client, for example,to continue to have the same telecommunication experience as before thehandoff.

By employing a combination of the cross-correlation module, thesynthesizer module, the extension module, the overlap and add module,and the signal control level module, the mobility server may generate anenhance media data that may provide the user of the destination devicewith a positive telecommunication experience by minimizing or removingthe problems that has conventionally been encountered during a handoff.Thus, the user may now have a positive telecommunication experience withsubstantially no silence, noises, glitches, echoes, or reverberation.

Further features and advantages of the present invention may be betterunderstood with reference to the figures and discussions that follow.

FIG. 45 illustrates, in accordance with one or more embodiments of thepresent invention, an arrangement for processing media data during ahandoff in wireless communication. In the arrangement, both outgoingmedia data and incoming media data of a mobility client 4516 are routedthrough a mobility server 4518. During a telecommunication session withanother party such as, for example, an outside telephone 4502 or astreaming media server, mobility client 4516 may perform a handoff, forexample, from a Wi-Fi network 4514 to a cellular network 4562. Mobilityserver 4518 may include a media server and voice quality engine module4500, which may be employed to modulate the media data streams (e.g.,first media data 4506 transmitted through Wi-Fi 4514 and second mediadata 4504 transmitted through cellular network 4562) during a handoff

FIG. 46A shows, in accordance with one or more embodiments of thepresent invention, an architectural block diagram of media server andvoice quality engine module 4500. FIG. 46A will be discussed in relationto FIG. 45. Mobility server 4518 may employ media server and voicequality engine module 4500 to process media data during a handoff. Whenmobility client 4516 performs a handoff between networks, media serverand voice quality engine module 4500 may process first media data 4506received from Wi-Fi network 4514 and second media data 4504 receivedfrom cellular network 4562 to enhance the telecommunication experienceof both parties.

Consider the situation wherein, for example, a first media data set ofpackets from first media data 4506 and a second media data set ofpackets from second media data 4504 have been received by media serverand voice quality engine module 4500.

In an embodiment, media server and voice quality engine module 4500 mayinclude a media data buffer 4602. During a handoff, media data buffer4602 may be configured to receive and buffer media data input (e.g.,first media data set of packets and second media data set of packets)for subsequent processing. Media data input may include a set of datapackets. The data packets may include, but are not limited to, text,audio, image, and/or video signals.

In an embodiment, media server and voice quality engine module 4500 mayinclude a cross-correlation module 4604. Cross-correlation module 4604may perform cross-correlation if both the first media data set ofpackets and the second media set of packets are received during thehandoff. Cross-correlation module 4604 may perform cross-correlation todetermine a substantial match between the first media data set ofpackets and the second media data set of packets.

In an example, the first media data set of packets may include 5 datapackets and the second media data set of packets may include 1 datapacket. By employing cross-correlation, cross-correlation module 4604may determine that the packet in the second media data set of packet maymatch with the fifth data packet of first media data set of packets.Further, cross-correlation module 4604 may determine that the best matchmay be at a lag value of 50, assuming that the two packets are of 100bytes.

With a match and the lag value, cross-correlation module 4604 maygenerate a cross-correlated media data set of packets. FIG. 46B shows,in an embodiment, a block diagram illustrating an example of a methodfor generating a cross-correlated media data set of packets. A firstdata packet 4650 represents the fifth data packet from the first mediadata set of packets. A second data packet 4652 represents the datapacket from the second media data set of packets. By employingcross-correlation, cross-correlation module 4604 may have determinedthat second data packet 4652 and first data packet 4650 may be bestmatched at a point 4654, which may represent a lag value of 50. In otherwords, from point 4654 onward, the quality of data packet 4650 may bedegrading while the quality of data packet 4652 may be improving. Thus,the last 50 bytes (assuming 100 bytes in each of the two data packets inthis example), which is represented by a block 4656, of first datapacket 4650 may be combined with the first 50 bytes, which isrepresented by a block 4658, of second data packet 4652 to form a block4660 on a new data packet 4662. A second block 4664 of new data packet4662 may be formed from a block 4666 of second data packet 4650. Thus,new data packet 4662 may now replace the fifth data packet of thebuffered first media data set of packets that will be sent to thedestination device.

Consider the situation wherein, for example, a gap exists between thereceipt of a first media data set of packets and receipt of a secondmedia data set of packets. In an embodiment, media server and voicequality engine module 4500 may include a synthesizer module 4606, whichmay be employed to handle the gap. Synthesizer module 4606 may beconfigured to synthesize a section of the first media data set ofpackets to generate a synthesized media data set of packets. In anembodiment, synthesized media data set of packets may generate if nomedia data is received from the new network (e.g., cellular network4562) within a threshold. The threshold may represent a time limit or amaximum count of missing data packets beyond which the synthesized mediadata set may not effectively and/or sufficiently fill the gap to providea satisfactory user experience. Media server and voice quality engine4500 may include a timer and/or a data packet counter for determiningwhether the threshold has been met, in an embodiment.

In an embodiment, media server and voice quality engine module 4500 mayinclude an extension module 4608, which may also be employed to handlethe gap. Extension module 4608 may be configured to extend at least aportion of the first media data set of packets to generate an extendedmedia data set. The extended media data set may contain data packets ofat least a section of the first media data set of packets and silencedata packets, in an embodiment. The extended media data set may begenerated if no media data is received through the second network (e.g.,cellular network 4562) within a threshold.

In an embodiment, extension module 4608 may be implemented incombination with synthesizer module 4606. In an example, the gap may beextensive. To handle the gap, mobility server 4518 may first employsynthesized module 4606 to generate one or more synthesized media set ofpackets to handle the gap. If the threshold for synthesized module 4606has been met and the gap has not been sufficiently handled, thenmobility server 4518 may employ extension module 4608 to create one ormore extended media data set of packets to handle the gap.

In an embodiment, media server and voice quality engine module 4500 mayinclude an overlap and add module 4612, which may be employed togenerate a transition media data set of packets by including at leastone of cross-correlated media data set, the synthesized media data set,and the extended media data set. In an embodiment, overlap and addmodule 4612 may generate the new transition media data set of packets byincluding the cross-correlated media data set with a section of thefirst media data set of packets. Referring back to FIG. 46B, the first 4packets from the first media data set of packets and the newly createddata packet 4662 may be combined to create the new transition media dataset of packets.

In another embodiment, overlap and add module 4612 may also create thenew transition data set of packets by including the synthesized mediadata set of packets and/or the extended media data set of packets.

In addition, overlap and add module 4612 may include one or morewell-known smoothing algorithms such as linear ramping up and down thatmay be employed to smooth the new transition media data set of packets.

In an embodiment, media server and voice quality engine 4500 may includea signal level control module 4614, which may be configured to adjustthe signal level of a transition media data set of packets to generate ascaled media data set. Signal level control module 4614 may also beconfigured to adjust the signal level of the second media data stream.In one or more embodiments, signal level control module 4614 may executea well known automatic gain control algorithm.

In an embodiment, media server and voice quality engine 4500 may alsoinclude a media data switch 4616 configured to output the scaled mediadata set of packets.

FIG. 47 shows, in accordance with one or more embodiments of the presentinvention, a flowchart of a method for processing media data during ahandoff of a mobile telecommunication device between networks. FIG. 47will be discussed in relation to FIGS. 45 and 46. Consider the situationwherein, for example, the user of mobility client 4516 may roam from acoverage area supported by Wi-Fi 4514 into a coverage area supported bycellular network 4562. The method may be performed by implementing amedia server and voice quality engine 4500 (FIG. 45).

At a first step 4702, media server and voice quality engine 4500 mayreceive a first media data set of packets via Wi-Fi network 4514. At anext step 4704, media data buffer 4704 may buffer the first media dataset of packets. In one or more embodiments, media server and voicequality engine 4500 may start buffering the first media data set uponimminence of the handoff. The imminence of the handoff may be detectedby the mobile telecommunication device and/or a mobility server, in anembodiment. In one or more embodiments, media server and voice qualityengine 4500 may start buffering the first media data set when thehandoff starts.

Once the first media data set of packets have been received andbuffered, media server and voice quality engine 4500 may begin a timerand/or counter in anticipation of receiving a second media data set ofpackets from cellular network 4562.

At a next step 4712, media server and voice quality engine 4500 maydetermine if the second media data set of packets have been received.The second media data set may include silence data packets as well asdata packets that contain text, audio, and/or video signals. If a secondmedia data set of packets has been received, then an overlap hasoccurred and the method may proceed to a next step 4714.

At next step 4714, media server and voice quality engine 4500 may bufferthe second media data set of packets.

At next step 4706, cross-correlation module 4604 may be employed tocross-correlate the two media data set of packets to determine a matchbetween the two media data set of packets. In an embodiment,cross-correlation module 4604 may perform auto-correlation to determinea match between the first and second media data set of packets. In anembodiment, an end portion of the first media data set of packets and ahead portion of the second media data set of packets may be employed togenerate a cross-correlated media data set. In an embodiment, the endportion of the first media data set and the head portion of the secondmedia data set may be of the same bytes size, which may be determinedbased on the match between the first media data set and the second mediadata set. A lag value that defines the size may be determined using oneor more well known methods such as pitch detection.

At a next step 4750, mobility server 4518 may employ overlap and addmodule 4612 to create a new transition media data packet by modifyingthe first media data set of packets to include the cross-correlatedmedia data set of packets. In one or more embodiments, media server andvoice quality engine 4500 may replace at least a portion of the overlapof media data with the cross-correlated media data set. In anembodiment, one or more well-known algorithm such as linear ramping upand down may be employed to smooth the modification.

At a next step 4770, the signal level of the transition media data setof packets may be adjusted to account for the signal level change thatmay occur during a handoff. In an example, signal level may decreasewhen a user on a mobile telecommunication device roams from a Wi-Finetwork to a cellular network. By employing a signal level controlmodule, the signal level from the new connection may be adjusted tosubstantially match the signal level prior to the handoff. Refers toFIG. 48 for the discussion about how signal level may be adjusted.

Once the signal level has been adjusted, a new scaled media data set ofpackets may be generated. At a next step 4790, the scaled media data setof packets may be forwarded to the destination device via a mediaswitch.

Returning back to next step 4712, if a second media data set of packetsis not received by mobility server 4518, at a next step 4724, mediaserver and voice quality engine module 4500 may determine if a thresholdhas been reached. In an embodiment, the threshold may represent a timelimit and/or a count of missing data packets.

If the threshold has not been reached, then at a next step 4726, mediaserver and voice quality engine module 4500 may employ a modeled portionof the first media data set of packets to generate a synthesized mediadata set. The modeled portion may represent, in an embodiment, the lastseveral data packets of the first media set of packets. The modeledportion may be selected based on the characteristics of the data packetsin the first media data set of packets using one or more well knownmethods such as pitch detection. The synthesized media data set may begenerated using one or more well-known methods such as linear predictivemodel.

Referring back to next step 4724, if the threshold has been reached,then at a next step 4736, media server and voice quality engine module4500 may employ extension module 4608 to generate an extended media dataset of packets. The extended media data set of packets may be generatedusing one or more well known methods such as, for example, periodicallyinserting one or more silence data packets into at least a portion ofthe first media data set of packets

In an embodiment, the extension module may be employed when the gap isso large that one or more synthesized media data may not effectivelyand/or sufficiently fill the gap produced during the handoff to providea satisfactory user experience.

At a next step 4760, overlap and add module 4612 may manage the gapduring the handoff by utilizing at least one of the synthesized mediadata set and/or the extended media data set to create a new transitionmedia data set of packets. Overlap and add module 4612 may execute oneor more well-known smoothing schemes such as linear ramping up and downto smooth the modification. By employing the synthesized media data setof packets and/or the extended media data set of packets, one or moresilence and noises caused by the gap may be substantially reduced oreliminated.

Again at next step 4770, signal level control 4614 may adjust the signallevel of a transition media data set of packets to generate a scaledmedia data set. By adjusting the signal levels, the user may experiencea substantially consistent signal level, (e.g., voice volume) during thehandoff.

At a step 4790, media server and voice quality engine module 4500 mayoutput the scaled media data set, which may be sent to the destinationdevice.

FIG. 48 shows, in accordance with one or more embodiments of the presentinvention, a flowchart of a method for controlling signal levels of amobile telecommunication device during a handoff. The method mayrepresent step 4770 shown in FIG. 47 and may be performed by a signallevel control module such as, for example, signal level control module4614 shown in FIG. 46 a.

At a first step 4800, signal level control module 4614 may receive amedia data set of packets. In an embodiment, the media data set ofpackets may represent the transition media data set of packets generatedby overlap and add module 4612. In another embodiment, the media dataset of packets may represent the second media data set of packets fromthe second media data steam.

At a next step 4806, signal level control module 4614 may calculate theenergy of the media data set, for example, by summing the absolutevalues of the signal amplitudes of the media data set. In an embodiment,the square values may be used in place of the absolute values.

At a next step 4808, signal level control module 4614 may determinewhether or not the energy of the media data set is greater than thenoise floor. If the energy is not greater than the noise floor, themedia data set may be considered background noise, and control may betransferred to step 4828, in which the media data set is transmitted asan output of signal level control module 4614.

However, if the energy is greater than the noise floor, then at a nextstep 4810, signal level control module 4614 may scale the energy of themedia data set. In an example, the energy may be scaled by averaging theenergy signal levels in the media data set to generate a scaled energy.

At a next step 4812, signal level control module 4614 may determinewhether the scaled energy is greater than a high energy. In anembodiment, the high energy may represent the upper limit of an energyrange for the first media data set of packets. In an embodiment theenergy range for each of the telecommunication device may be determinedempirically.

If the scaled energy is greater than the high energy, then at a nextstep 4814, signal level control module 4614 may provide a reduced gainto decrease the energy of the media data set. In an example, thetransition media data set of packet may be louder than the upper limit;thus, the volume of the transition media data set of packets may bereduced in order to eliminate the unexpected and unpleasant increase involume the user at the destination device may experience upon receivingthe media data.

If at next step 4812, the scaled energy was less than the high energy,then at a next step 4824, signal level control module 4614 may furtherdetermine whether the scaled energy is less than a low energy. In anembodiment, the low energy may represent the lower limit of the abovementioned energy range for the first media data set of packets. If thescaled energy is less than the low energy, then at a next step 4836,signal level control module 4614 may provide an increased gain toaugment the energy of the media data set. In an example, the transitionmedia data set of packet may be softer than the lowest limit, thus, thevolume of the transition media data set of packets may be increased inorder to eliminate the inconvenience of increasing the speaker volumethe user at the destination device may have to perform to hear theincoming media data.

At a next step 4826, signal level control 4614 may generate a scaledmedia data set with a signal level that is comparable to the range ofthe first media data stream.

At next step 4828, signal level control 4614 may output the scaled mediadata set, for example, to media data switch 4616 (shown in FIG. 46A),which may then route the media data to the destination device.

As can be appreciated from the forgoing, one or more embodiments of thepresent invention provide a wireless communication system capable ofhandling the overlaps and gaps that may occur during a handoff. Byimplementing a variety of methods, such as cross-correlation,synthesizing, and extension, the wireless communication system enhancesa user's telecommunication experience by substantially eliminatingnoises, glitches, echoes and the like. Further, the wirelesscommunication system makes adjustment for the change in signal levelthat may happen when handoff occurs, thus substantially eliminating theunpleasant experience that may occur when signal level unexpectedlychanges.

C. AUTOMATICALLY SETUP OF POINT-TO-POINT AND POINT-TO-MULTIPOINTMULTI-MEDIA CONFERENCE CALLS WITH ADMINISTRATOR AND USER CONTROLLEDRULES AND PREFERENCES (RENDEZVOUS CALLING)

1. This invention is applicable to the field of point-to-point andpoint-to-multipoint multi-media conferencing using media communicationservers. FIGS. 5A-B depict a method in the media communication server toautomatically setup point-to-point and point-to-multipoint multi-mediaconference calls with administrator and user controlled rules andpreferences.

2. The current mechanism for setting up PP or PMP media calls is notdriven based on any user state or preference. If one or more of theparticipants is unavailable, the media server will allow the chairpersonto leave a voice mail. The only course of action will be for thechairperson to keep trying until all the participants are available orto rely on one or more of the participants to call back and then attemptthe conference at later point in time. This process is inefficient andtakes up time and resources and is often difficult to manage. The onlymechanism is to plan and schedule the conference ahead of time such thatall the participants will be available—however there is no guaranteethat they will be available at the time of the call. The above issuesstem from the lack of coordination and information exchange between thepresence servers and the media communication severs in an enterprise.

3. Rendezvous Calling (RC) enables a user to setup a point-to-point (PP)or a point-to-multipoint (PMP) media call (could be voice, video ormultimedia) without having to specify the time—the media communicationsserver determines the time of call establishment based on theavailability (determined by a variety of factors including presenceinformation, network availability etc.) of all the participants involvedand prompts all the participants before setting up the requested call.The notion of availability can be greatly enhanced to take a number ofuser driven parameters into consideration, thereby enabling the mediacommunications server to take a much more precise decision on when toplace the call based on all the participant's preferences. Some of theseadditional preferences and rules include network administratorcontrolled rules, user preferences based on time, medium choice, callparticipants, call priorities etc.

4. Advantages of the invention include

Setup and establishment of PP and PMP conference calls that areautomatically scheduled taking all the enterprise rules, participantpreferences and availability into consideration.

Effective and efficient communication within the enterprise as a resultof calls being established at the right moment instead of relying onvoice mails for priority-based communications.

6. Overall Architecture

FIG. 5A gives a very high level overview of the RC architecture. The RCarchitecture has components in the media communication server as well asthe RC client. The client in this case could be handsets, soft phones,PDAs etc. The RC client is responsible for managing the user interfaceto the user and to place a RC Request. It also allows the user to queryand track his/her pending RC requests. The RC client will also allow theuser to convert a normal PP or PMP call to a RC request if one or moreof the participant(s) is deemed “unavailable”. Similarly, when theserver does setup a RC call, the client will prompt the user and respondaccordingly based on the user feedback. On the server side, the RC logicinvolves collection and correlation of information from the presenceserver as well as enterprise applicable rules as configured by theadministrator and the user's preferences as configured by the individualusers.

When a user places a PP or PMP call from a client, the client softwarewill check the availability of the participants and will prompt the userif one or more of the participants are unavailable as to whether theywould like to make it a RC request. The user can also specify for howlong he/she would like keep this request pending. The mediacommunications server will track the RC request. When the serverconcludes that all the participants are available, it will prompteveryone whether they want to go ahead with the call or not. If all theparticipants acknowledge successfully, the call will be placed. If anyof the participants rejects the request, the RC call will be failed andall the participants will be informed of the result. The users can alsoquery the list of pending RC calls (ones they originated as well as theones on which they are participants) and cancel any requests that theyhad originated. The server will also employ enterprise as well as userdefined rules in determining the best time to go ahead with the call.

7. Administrator and participant rules and preferences for RC

Availability and RC setup decisions are based on a variety of user andadministrator controlled rules and preferences.

The following rules and preferences can be used in deciding participantavailability before a RC is placed.

-   -   Participant opt-out preference for any RC service. The        participant can opt out completely or specify time periods when        the participant does (or does not) wish to entertain RC calls.    -   Participant preferences—based on RC priority, RC owner,        participant list, time of day, network preference (enterprise        Wi-Fi, public Wi-Fi, Cellular etc.), Outlook calendar schedules        etc.    -   Users personal “Allow” and “Block” user lists for limiting the        RC calls they would like to participate in.    -   RC chairperson preference for a time window when the call should        be placed.    -   Administrator controller enterprise rules—cellular privileges        for RC, user's RC privileges etc.

8. Logic in the media communication server to schedule and place RCcalls.

The logic employed in the media communication server to process andsetup is controlled by a variety of factors.

-   -   Integration of the presence server in the media communication        server with the enterprise and participant driven rules and        preferences for determining participant availability and time to        place RC.    -   Support for mandatory and optional participant list for RC.    -   Ability for participants to early-accept or early-reject a RC. A        user can unconditionally accept or reject a RC request even        before the RC is setup by the media communication server.    -   Integration with the Outlook program to use its calendar as an        input for the availability decision logic as well as the        participant's calendar to reflect the RC call status and any        pending RC requests.    -   Ability to place the RC based on request priority in addition to        availability and time of request.    -   Allow optional RC calls to be placed even when certain        participants are busy—using call-waiting to inform and invite        them to the RC.

When the server receives a RC Request, a validation check is done tomake sure that all the participants involved have signed on for RCservices. In addition, the server also checks to make sure noperformance impacting thresholds have crossed. If a valid RC request,the server will queue it up and send a RC Response with the status aswell as a RC Id associated with that request. If the RC request is foundto be invalid or a request that cannot be accepted, the server will senda RC Response with the failure cause back to the originator.

In the event all the participants are available at that instance, theserver will process this request like any other PP or PMP call—the mediapath will be established and a successful RC Response message with thestatus sent to the originator.

The RC server will periodically go through the list of outstanding RCrequests to determine if any of them are ready for call setup. The flowchart in FIG. 2 captures the logic that is employed by the mediacommunication server to select the RC Requests that are eligible forsetup.

Once the list of RC requests that eligible for setup is determined theRC capable media communication server will begin the process of settingup the individual media paths. For all participants involved in thecall, send a RC Prompt message. The RC prompt will contain the detailsabout the chairperson, the list of participants, call summary etc. Theserver will collect the RC Prompt Responses that come back from theclients. It will also keep track of any messages that are sent by theparticipants. If any of the participants had rejected the RC prompt orthere was timeout (lack of response from a client), the server willconclude it is a failed RC call attempt and will send a RC CancelledNotify to all the participants who responded and the chairpersoninforming them about the cancelled call as well as the response from theusers if any. In the event that all the participants accepted the call,the RC server will put together a PP/PMP request with all theinformation the media-switching layer requires and will forward thisrequest to the media-switching layer to setup the call. It will alsosend a RC In-Progress Notification to all the participants about thecall being setup

9. Conclusion

The service provided by the RC media communication server will make thetask of communicating within the enterprise more effective and will savetime for employees who have to depend less on voice mail. This isespecially true for employees who are mobile and not tied to a deskphone. The media communication server will take the mobility aspectsinto consideration while determining the optimum time for placing theconference call.

10. Advantages of the invention include

-   -   Efficient setup and establishment of PP and PMP conference calls        that are automatically scheduled taking all the enterprise        rules, participant preferences and availability into        consideration.    -   Effective and efficient communication with in the enterprise        because of calls being established at the right moment instead        of relying on voice mails to get back and forth and constant        calling to check availability. This is all the more true for a        work force that is mobile and is not tethered to desk phones.    -   Capability in the client to provide an option to convert a        simple PP or PMP call to a RC request if one or more        participants are not available at that time in addition to the        standard voice mail service.    -   Integration of the enterprise presence server in the media        communication server with enterprise rules and user preferences.    -   Integration with Outlook and other calendar programs to let the        media communication server manage the conference calls just like        meetings.

11. The introduction of logic in the media communication servers to takeusers availability and preference while pacing a conference all willresult in fewer failed call attempts and will also ensure that the callsplaced meet their desired objective with all the participants present.This method allows the media communication server to correlate thepresence information from the presence server with the administratorcontrolled enterprise rules and the user controlled user preferences incoming up with the optimum time to place a PP or PMP conference call.This logic in deciding the optimum time results in effectiveconferencing within the organization and will also save time and moneyspent in proving this service.

12. RC Client Technical Specifications

The diagram in FIG. 5B gives a very high-level time line for the messageexchange between the clients and the media communication server duringthe course of setting up a RC request and the subsequent establishmentof the RC. The following actions will be supported on the RC client forRC capability.

-   -   a. RC Request Processing    -   b. RC Response Processing    -   c. List and modify/cancel outstanding RC requests    -   d. Early response (accept/Reject) for outstanding RC requests    -   e. RC Prompt message processing    -   f RC In-Progress and RC-Cancel Notify message processing

13. RC Server Technical Specifications

The diagram in FIG. 5C captures the core logic that is employed by theRC server to support this functionality.

-   -   a. RC Request processing    -   b. Automatic conversion from standard PP and PMP call to RC        Request based on participant unavailability and preference.    -   c. Periodic RC Request processing—timers and selecting RC        requests to setup based on all the criteria specified before.    -   d. Presenting RC Prompt and collecting responses as part of RC        call setup.    -   e. RC media path setup.

To elaborate, embodiments of the invention relate to teleconferencingmanagement. In the prior art, the setting up of a teleconference is atedious, manual and time-consuming task, requiring the participation ofa human being and a lot of patience. For example, if there are fiveparticipants, one of the participants or his/her assistant (referred toherein as “the facilitator”) must take the initiative to set up theteleconference ahead via email or IM or another communication means suchas telephone or in person with the participants to obtain an agreementpertaining to the teleconference time and method.

For example, the human facilitator may employ an email program to accessthe calendar of each participant if such a shared calendar is in factavailable. Then the facilitator must set up an appointment for each ofthe participants and obtain their agreement as to the teleconferencetime and method. Once all parties consent, the facilitator would set upa teleconference facility, typically with the telephone service provideror by designating one of the participants to be the teleconferenceleader responsible for teleconferencing others in when the designatedtime to hold the teleconference arrives.

When the time to conduct the teleconference arrives, each participant isthen responsible for calling in to the designated telephone number thatthe facilitator has set up so that he/she can participate in theteleconference. If the participant does not know how to call in and/orunfamiliar with the procedure to enter the requisite user id/password,more time is wasted to assist that participant in making theteleconference call. This is often the case when one of the participantsis calling from another country and may require a special dialingsequence, for example. At the designated teleconference time, if one ofthe participants fails to show up and that participant is needed for theteleconference, it may be necessary to reschedule the teleconference sothat all the required participants may be able to participate.

Furthermore, the prior art method of setting up the teleconference calldoes not take into account the preference of individual participantsregarding their preferred communication mode or their time-dependencecommunication mode (e.g., cell phone from 7 a.m. to 10 a.m., IM from 12p.m. to 1 p.m., and office phone the rest of the time). This type ofaccommodation needs to be handled manually and individually with eachparticipant in the prior art when the human facilitator emails or callsaround to try to set up the teleconference.

In accordance with embodiments of the present invention, there areprovided computer-implemented methods and apparatus for automaticallysetting up a teleconference among a plurality of teleconferencingparticipants. Embodiments of the present invention automaticallydetermine the availability and preference of each participant. If, at agiven time within the permissible teleconference window, allparticipants are found to be available, embodiments of the inventionemploy a rendezvous call (RC) server to automatically confirm theavailability of all participants using individual participants'preferred communication mode at the time the inquiry is made. If allrequired participants consent to conduct the conference, embodiments ofthe present invention then connect the bearer channels to eachparticipant so that the teleconference may proceed.

As the term is employed herein, a rendezvous call refers to a conferencecall that is automatically setup and initiated based on parameters thathave been entered in advance by a facilitator. The setup is automatic inpart because the RC server monitors for presence status of theparticipants and employs the participants' preferences and preferredmode of communication for conducting the teleconference. Initiation isautomatic in part because each participant is called by the RC serverwhen the RC server determines that it is possible to conduct theteleconference given the parameters that have been furnished regardingthe teleconference.

In an embodiment, enterprise-wide RC rules may be applied to modify thepreferences settings that have been set by some users. For example, if ahigh level manager wishes to set up a rendezvous call at a given time,the enterprise RC rules may override a preference setting that has beenset by a low-level employee to not hold the teleconference at that time.The enterprise RC rules may also be employed to enforce other RCpolicies, such as the level of authority given to each participant toinvite, whether long distance teleconferencing is permissible, what todo in case of overlapping or conflicting teleconferences orunavailability on the part of certain participants. The enterprise RCrules may be as simple or as complex as required by a given enterprise.

Users can also indicate preferences regarding, for example, theirgeneral availability and preferred communication modes. In some cases,users may be able to block or permanently decline certain types ofteleconference requests, for example. Users may also specifytime-dependent communication preference so that if, for example, a RCwere to occur in the morning, the user can be contacted at his deskphone whereby an evening RC should be routed to the user's cellularphone.

A presence server tracks the availability of users to determine whetherall required users are available for the purpose of conducting the RC.Using the presence server, embodiments of the invention are able totrack whether the participants have logged on and/or the location and/orcommunication method which a participant has specified. If everyone isavailable, and their availability coincides with the window that thefacilitator has indicated to be a suitable window for conducting the RC,embodiments of the invention automatically inquire the participants andconfirm their availability for the rendezvous call. If all partiesconfirm, embodiments of the invention create the bearer channel to eachparticipant, connect the bearer channel together to create the RC, andthe RC can proceed.

The features and advantages of the invention may be better understoodwith reference to the figures and the discussions that follow.

FIG. 19 illustrates, in accordance with an embodiment of the invention,a high level logic block diagram of the automated rendezvous callingenvironment 1902. In FIG. 19, there is shown a mobility server 1904,representing the physical hardware in which the RC server module 1906 isimplemented. One skilled in the art will appreciate that RC servermodule 1906 may also be implemented on a separate chassis, if desired.

A plurality of RC clients 1908, 1910, 1912, and 1914 are shown.Rendezvous call client 1908 represents a mobile handset; RC client 1910represents a PDA; RC client 1912 represents a wired IP phone; and RCclient 1914 represents a software client executing as a soft phone on alaptop or a desktop computer. Each of RC clients 1908, 1910, 1912, and1914 executes the RC client software that can be employed to set uprendezvous calls with RC server module 1906, to indicate theirpreferences. The RC server module will process and/or forward thispresence information to one or both of the internal presence server andexternal presence server as applicable. The preferences of the RC clientare also set in the user preference data base 1924, by the RC servermodule.

A properly authorized user may also employ his RC client to setenterprise RC rules (in enterprise rules database 1926). One skilled inthe art will appreciate that any computing device capable of executingthe RC client software for interacting with RC server module 1906 can beemployed. In addition, an enterprise administrator can also use themanagement interface provided by the RC server module to set theenterprise RC rules in the enterprise rules database 1926.

When a RC client 1908 wishes to set up a RC, RC client 1908 communicateswith RC server module 1906 to indicate the block of time during whichthe teleconference may take place (e.g., from 8 a.m. to 12 p.m. onThursday, Dec. 1, 2007), the duration of the teleconference (e.g., 30minutes), the required participant(s), and optionally the topic of theRC. RC client 1908 may also specify the identity of the requiredparticipants and the optional participants, if desired. In anembodiment, the request by a RC client 1908 may be automaticallycommunicated to all required participants so that such requiredparticipants may be made aware of the pending request. In anotherembodiment, the request may be automatically inserted into theelectronic calendar (e.g., via an emailed or IM calendar event request)such that the requested RC may be posted to the participants' calendars,and the participants may be made aware of the pending request. Ifdesired, the participants may be asked to comment or accept or rejectthe proposed RC.

At the start of the specified RC window (e.g., the aforementioned 8 a.m.to 12 p.m. on Dec. 1, 2007), RC server module 1906 inquires via one orboth of internal presence server 1920 and external presence server 1922whether all participants are available. A given participant'savailability may be inferred from the participant's calendar and/orlog-in activity or by the application of the enterprise conference callrules/user preference. If all participants are not available, RC servermodule 1906 continues to monitor one or both of the presence servers todetect when all participants are available.

When all participants are available, RC server module 1906, employingthe rules and preferences set up in enterprise RC rules database 1926and/or user preference database 1924, sends a notification to each ofthe participants (e.g., PDA 1910, wired IP phone 1912, and soft phone1914) to confirm that the RC time has arrived and that the RC is aboutto begin. If all participants consent, RC server module 1906 thenemploys media signaling layer 1930 and media switching layer 1934 toaccomplish the bearer channel connection among the participants. Forexample, RC server module 1906 may employ the switching module inmobility server 1904 to establish calls between each participant to themedia server 1904 or to the enterprise PBX, wherein the individualbearer channels may be interconnected to create the RC. Thereafter, theRC may begin.

On the other hand, if one or more participants decline, RC server module1906 may return to the monitoring state to continue to monitor for thenext opportunity to set up the RC with the participants when allparticipants are found to be available. In an embodiment, RC servermodule 1906 may inquire the declining user as to the time that thedeclining participant wishes to conduct the RC, and may employ that timeto set up the RC again. If a participant continues to decline, the humanfacilitator may optionally be notified to manually intervene ifnecessary to facilitate the initiation of the teleconference.

FIG. 20 shows, in accordance with an embodiment, the steps taken by RCserver module 1906 in setting up a RC call. In step 2002, RC servermodule 1906 inquires one or both of internal presence server 1920 andexternal enterprise presence server 1922 to ascertain whether allparticipants are available.

If all participants are not available (no branch of 2002), the methodproceeds to step 2004 to inquire whether the RC period has expired. Ifthe RC period has not expired, the method returns to step 2002 tocontinue to monitor whether all participants are available.

On the other hand, if the RC period has expired (the yes branch of2004), RC cancel processing (2050) is initiated wherein the facilitatoris notified that the RC request has expired and it was not possible toset up the RC due to unavailability of participants during the RCrequest period.

If all participants are available according to the presence server (theyes branch of step 2002, the method proceeds to step 2010 to add thecurrent pending RC request to the list of eligible RC requests).

The difference between a pending RC request and an eligible RC requestrelates to the fact that a pending request is a request for which allparticipants have not been confirmed to be available whereas an eligibleRC request is a request for which all participants have been confirmedto be available.

For each eligible RC request, the processing proceeds as follows. Instep 2020, the participants associated with an eligible RC request areidentified. The same determination is made for all eligible RC requests.Further, overlapped participants are identified. As the term is employedherein, an overlapped participant represents a participant havingoverlapping eligible RC requests. For example, if a given participant isinvolved in two different eligible RC requests, both of which have anoverlapping RC request period, a potential conflict occurs since a givenparticipant cannot be in two different RCs simultaneously. Thus, theoverlapping participants are identified and the RC request sub-groupsare created accordingly.

In an embodiment, each participant is assigned only to a singlesub-group. That is, no single participant is assigned to two differencesub-groups. Accordingly, the RC associated with each sub-group canproceed independently of the other RCs associated with anothersub-group. For example, suppose there are four eligible RC requests thatare eligible to be set up as teleconferences (i.e., all participantshave confirmed their availability). Suppose for RC 1, the participantsare A, B, and C; for RC 2, the participants are A, C, and D; for RC 3,the participants are W. X, and Y; and for RC 4, the participants are D,E, and F.

In this case, two sub-groups can be created, with the first sub-groupcomprising RC 1, RC 2, and RC 4 (involving participants A, B, C, D, E,and F). The second sub-group comprises the third teleconference RC 3(involving participants W. X, and Y).

In step 2024, it is ascertained whether, for each eligible RC request,any of the participants are involved in multiple eligible RC requests.If not, the method proceeds to block 2026 wherein the RC for thoseeligible requests, i.e., those RCs comprising participants that are notinvolved in any other eligible RC request, is set up. In this example,the third RC involving participants W, X, and Y can be set up in step2026.

On the other hand, if the participants are involved in multiple RCrequests (as in the case of RC 1, RC 2, and RC 4), the method proceedsto step 2030 to sort and identify optimal non-overlapping RC requestsub-groups. For example, with reference to the example herein, since RC1, RC 2, and RC 4 are identified to involve overlapping participants, analgorithm may be created to determine whether some RCs may have a higherpriority than others, whether within a sub-group certain RCs do not haveoverlapping participants, and the like.

In this case, it is ascertained that RC 2 and RC 4 do not haveoverlapping participants. However, the 1st teleconference RC 1(involving participants A, B, and C) has a conflicting participant withboth the 2nd teleconference RC 2 (involving participants A, C, and D)and the 4th teleconference RC 4 (involving participants D, E, and F). Anexample algorithm may vote to suggest that, by conducting RC 2 and RC 4,the number of teleconferences that can be conducted simultaneously ismaximized.

However, it is possible that another algorithm may determine that RC 1involves a more pressing topic or a more important participant or groupof participants and should take precedence. These different algorithmsfor resolving conflicts are only examples and may be as simple or ascomplicated as desired by a given enterprise.

Following the present example, the method proceeds to step 2032 wherethe RC call setup processing for the RC request from the non-overlappingsub-groups is executed. In this case, the RC call setup processing forRC 2 and RC 4 would be initiated, leading thereafter to the RC callsetup process 2026 for these two teleconferences. The RCs that did notget set up may be returned to the list of pending RC requests or maystay as an eligible RC request if desired.

FIG. 21 shows, in accordance with an embodiment, a simple call flowinvolving two teleconference participants. In this example, user A anduser B are requested to participate in an RC via a pending RC requestand the RC request period has begun. Furthermore, for the purpose of thepresent example, user A's starting state is available whereas user B'sstarting state is not available. As shown in FIG. 21, user A makes an RCrequest to a mobility server for the RC (2102). Mobility server 2102responds in 2104 with a rendezvous call ID (RCID) which is, for example,1900 in this case.

Period 2106 pertains generally to RC request processing. Period 2108pertains to the processing of pending RC requests. Thus, user A mayinquire the list of pending RC requests in which user A has beenspecified to be a participant. Assuming that no other user has requestedthat user A participate in another RC, mobility server returns (2110)with the list of teleconferences in which user A is a requestedparticipant. Period 2112 pertains to the confirmation period wherein thepresence server has noted that the participants have become availableand the RC server module is confirming whether the participants wish toconduct a teleconference. Thus, user B availability is updated with thepresence server in mobility server (2120).

Noting the availability of both user A and user B, mobility server 2102then sends the prompt that confirms whether the user A and user B wishto conduct a teleconference at this time. This is shown by referencenumbers 2122 to user B and 2124 to user A, respectively. User B thenresponds (2126) and user A also responds (2128). If both users acceptthe teleconference request, processing proceeds according to the stepsshown in period 2140. If one or both of the participants decline,processing proceeds according to the steps shown in period 2150. Inperiod 2150, if one or both of user A and user B reject the request bythe conference call server module (implemented within the mobilityserver in this example), mobility server then sends the cancel notify(2152/2154) to one or both of user A and user B indicating that therequest is rejected. The notification may also be sent if the pendingrequest has timed out, i.e., the RC request period has expired.

On the other hand, if both participants A and B agree to conduct ateleconference, mobility server 2102 then sends out the notification(2142 and 2144, respectively) to user B and user A to indicate that theteleconference is about to be set up.

FIG. 22 shows, in accordance with an embodiment of the presentinvention, the call flow for setting up the teleconference using theparameters specified in the example of FIG. 21, except that the mobilityserver is now shown to include as constituent components presenceserver, call control, and RC server. Thus, in the RC request processingperiod 2206, user A indicates his availability status to the presenceserver and RC request and RC response are communicated between the RCserver and user A. During the query pending RC request period 2220, therequest for the pending RC list involving user A and the response withthe RC list involving user A are communicated between user A and the RCserver as shown. During the prompting period 2240 during which the RCserver is attempting to confirm with all participants that theparticipants are now available and should be conducting theteleconference. Thus, the availability of user B is communicated betweenuser B and the presence server, and the presence server communicates thepresent status of user B to RC server. The prompt to confirm theteleconference is communicated from the RC server to the users A and B,respectively, and the responses from each user is communicated back tothe RC server respectively. In the responses, one or both users mayaccept or reject the requested teleconference. If one or both usersreject the requested teleconference from the RC server, the RC servermay send the cancel notification to the users respectively (ifrejected).

On the other hand, if both participants accept, the RC server then sendsthe in progress notification to both participants respectively duringaccept RC call period 2270. Thereafter, the RC server communicates withcall control via a call control message indicating that participants Aand B should now be set up in a teleconference. Call control thenemploys, for example, the SIP invite message to participants to user Aand user B rendezvous-enabled communication device to begin setting upthe teleconference

As can be appreciated from the foregoing, embodiments of the inventioneliminate the manual and time-consuming steps involved in setting up theteleconference beforehand via one communication mode (e.g., Outlook, IM,in person, email in advance, or telephone in advance) in order tomanually confirm with each participant regarding the time andavailability for the teleconference. Embodiments of the invention alsoeliminate the need for a human facilitator to manually connect eachparticipant or for the participant to call in manually, furthereliminating the possibility for error or forgetfulness. By using acombination of the presence server, the enterprise RC rules, and theuser preferences, the user can be communicated when the user isavailable within the RC request period using the communication modepreferred by the user and in accordance with the business rules set upby the enterprise. In this manner, teleconferences can be set up in anefficient and automated manner, eliminating reducing wasted time andconfusion and/or frustration on the part of the facilitator and/or theparticipants of the teleconference.

D. CALL ROUTING VIA RECIPIENT AUTHENTICATION

1. More and more enterprises are allowing their employees to use theircellular phones for business purposes. Employees use their cellularphones to place calls into the enterprise to access enterprise voicefeatures such as checking voice-mails, setting call-forwarding number,etc. In these cases, the enterprise sever authenticates the caller overIVR (Interactive Voice Response). These are instances where employeespecific data is pulled by an employee from the enterprise.

2. In the future, a lot of enterprise features will be pushed to thecellular phones, such as Personal Information Management (PIM) overvoice, email voice over phone, etc. To push all these features to acellular phone, the enterprise server needs to establish a connection tothe employee's cellular phone by initiating a call from the enterprise.Such a connection assumes that the enterprise employee has his cellularphone. In case the enterprise employee does not have his cellular phone,or has started using another cellular phone (borrowed, loaner orreplacement phone), the following issues arise for the mobilityapplications:

a. The enterprise risks loosing the proprietary/personal information toan unauthorized person. This information includes phone calls intendedfor the enterprise employee, emails over voice mail, PIM informationetc.

b. Also, in case the employee does not answer the phone call initiatedby the enterprise server, the cellular operator voice mail will answerthe call and record the enterprise emails and voicemails in its mailbox.

This invention discusses a method by which the enterprise server canestablish the authenticity of the person in possession of the cellularphone. It also ensures that the entity that answered the phone is reallythe enterprise employee and not operator voice mail system or someun-authorized person.

3. Method—This invention is implemented by devising a cellular handsetapplication which authenticates the user. The authentication logic isoutlined below

a. Upon start of the application, it prompts the employee for theauthentication information such as user name and password. Thisinformation may be stored in the application for limited time period ascache. The cache will expire after configured time period.

b. When the enterprise server calls the employee, the application willanswer the call before the phone rings. If the user's login informationhas expired, the application gets the users attention (by ringing, forexample) and asks the user to authenticate again. If the user's logininformation has not expired then his cached authentication informationis used. The application transmits a sequence of numbers (ReversedCaller ID-RID) to the server using DTMF to authenticate the user who isusing this cellular phone. This sequence is derived using the user nameand password entered by the employee.

c. Server authenticates the employee by calculating RID using the sameuser name and password provisioned on the server.

d. If the RID matches, the server is assured that it is theauthenticated employee using the cellular phone and it may commence themobility application such as phones calls, phone call hand-overs, emailvoice over, voice mail etc.

e. If the server does not receive the RID within a pre-defined intervalafter the call is received (OFF-HOOK equivalent) or if the RID does notmatch, it may assume that it is not the authenticated user on thecellular phone. At this stage either the phone call may be terminated ormay be routed to the voice mail system in case of single voice mailapplication.

4. Benefits—Using the above method for mobility applications theenterprise server may achieve the following benefits

a. Enterprise information protection—The enterprise server candistinguish between an authorized employee using the cellular phone andun-authorized user or operator voice mail by making use of RID. Forexample—

i. Transparent call routing—User possesses a dual mode (Wi-Fi andCellular phone) with Voice over IP application. For incoming callrouting if the server determines that user is not reachable over VoIP,it may choose to connect over cellular network. This method will ensurethat it is reaching the authorized user.

ii. Voice over IP (VoIP) to cellular hand-off—this method ensures thatit is the same employee who was connected over VoIP.

b. Single Voice Mail—If the employee chooses not to answer the incomingcellular call from enterprise server—this method ensures that the voicemail is not left with the cellular operator voice mail system. Since theserver can determine that operator voice mail system has answered thecall indicated by lack of the RID in the beginning of the connectedcall, the server may choose to hang-up the cellular call and route thecall to the internal voice mail, thus enabling Single Voice Mail.

To elaborate, as discussed earlier, the mobility server has thecapability to seamlessly connect, as one leg of a given call, from themobility server to an employee's mobility client in the public cellularnetwork despite the fact that the caller has placed a call to theemployee's extension number in the enterprise instead of to theemployee's mobility client. For example, if a call has been placed tothe employee's extension in the enterprise and the employee hasregistered his mobility client (e.g., registered his public mobilityclient number) as a telephone to which calls to the employee's extensionnumber in the enterprise can be forwarded, the call from the caller canbe connected from the caller's handset to the mobility server as one legof the call. As the other leg of the call, the mobility server canconnect, using its own switch or the PBX's switching capability, backout to the public cellular telephone network and via the public cellulartelephone network to the employee's mobility client. This is so eventhough the call was made to the employee's extension number in theenterprise.

As another example, the employee may possess a dual mode telephone androam away from a Wi-Fi area, such as from within the premise of theenterprise out to an area not covered by Wi-Fi but instead covered bythe public cellular telephone network. In this case, in the middle ofthe call, a hand-off may occur whereby the mobility server and/or theemployee's dual mode telephone realize that the employee dual modetelephone has roamed outside of Wi-Fi coverage and that the call needsto continue via the public cellular telephone network to the employee'sdual mode telephone (now operating in the cellular mode).

Although this capability represents a dramatic improvement inconvenience and ease of manageability of the employee's telephonespresence, some interesting challenges arise. One of the challengespertains to the security implications of transmitting voice and/or datato a mobility client that may or may not be in the physical possessionof the employee. For example, if the mobility client has been stolen orif the mobility client has been loaned to another person, such as theemployee's friend or a relative, a security risk is created with respectto the voice and data transmitted to the mobility client. The risk ismagnified since the caller may not realize that the call has ended upoutside of the enterprise despite the fact that the caller has dialedthe employee's enterprise extension number and has expected, based onpast experience or conditioning, the call to terminate within theenterprise.

Another challenge relates to voicemail management. Since the callermakes the call to the employee's enterprise extension number, thetypical expectation is that if the employee does not answer thetelephone, the enterprise's voicemail system would pick up and beemployed to store any voicemail that the caller wishes to leave. In somecases, the employee may not answer the call due to the fact that, forexample, the telephone may not be turned on or there may be noconnectivity to the cellular network or the employee may simply fail tohear the ring tone to answer the call. Yet, since the mobility servertransparently and seamlessly passes, if the employee fails to answer thecall or has roamed away, the call to the public mobility client numberto terminate the call via the public cellular telephone network, themessage may be picked up by the cellular voicemail box of the publiccellular service provider instead.

In accordance with embodiments of the invention, there is provided acellular recipient authentication (CRA) technique to authenticate theidentity of the called party prior to the completion of the call betweenthe mobility server and the mobility client operating in the publiccellular network. In the context of this technique, the mobility clientmay refer either to a cellular-only telephone that runs the mobilitysoftware to enable the mobility client to be connected via the mobilityserver or may also refer to a dual Wi-Fi/cellular mode telephone thathas roamed outside of Wi-Fi coverage.

In accordance with embodiments of the present invention, prior tocompleting the call leg between the mobility server (which may representeither the mobility server switching functionality or a combination ofthe mobility server and the enterprise PBX depending on implementation),the cellular recipient is authenticated. During the authenticationperiod, the recipient is given a fixed amount of time to provideauthentication information that is satisfactory to the mobility server.

If the authentication information provided by the recipient isunsatisfactory or if proper authentication does not arrive within theallotted authentication time, the mobility server does not create thebearer channel connection between itself and the mobility client via thepublic network. As such, even if the employee's mobility client islost/stolen or if the employee loaned the mobility client to anotherperson, the lack of proper authentication information would inhibit thebearer channel from being established between the mobility server andthe mobility client. In this manner, voice/data security is assured.

Further, if the employee does not answer the cellular call, theauthentication information would not be received by the mobility serverwithin the allotted authentication period. In this case, the bearerchannel is not established between the mobility server and the mobilityclient and thus the voice/data call will not be stored in the voicemailbox of the public network. Instead, if the employee fails to answer thecellular call (i.e., fails to pick up the call), the mobility serverlogic would instead complete the bearer data connection to the employeeenterprise voicemail box, thereby enabling the caller to leave themessage in the enterprise voicemail box.

In an embodiment, the employee may have entered and cached theauthentication information earlier (e.g., when the client application isactivated for the first time). Thus, even though the employee may nothave answer the cellular call, authentication information about therecipient of the call may still be sent to the mobility server. Thus,authentication may be performed and the mobility server may stillestablish a bearer channel to connect the voice/data call to thevoicemail box of the public network.

In an embodiment, the cache authentication information may be set toexpire periodically (e.g., every 24 hours, every hour, user configurabletime). As such, even if the employee's mobility client is lost/stolen orif the employee loaned the mobility client to another person, theunauthorized third party is not able to establish a connection with themobility server. In addition, once the cache has expired, the employeemay have to reenter the authentication information the next time theemployee may wish to establish a connection with the mobility server.

In an embodiment, the authentication is provided using an inlineencoding technique from the mobility client to the mobility server. Suchencoding techniques may include, for example, DTMF (Dual ToneMulti-Frequency) signaling. In an example, the employee may utilize themobility client's keypad to enter in the required authenticationinformation. In another embodiment, the user may verbally provide theauthentication information so that the authentication information may beprocessed by voice recognition technologies. Other forms of encoding,such as those associated with GPRS (General Packet Radio Service), GSM(Global System for Mobile Communication), CDMA (Code Division MultipleAccess), etc., may also be employed as long as the necessaryauthentication data is satisfactorily transmitted by the user via themobility client and received by the mobility server within the allottedauthentication period.

In an embodiment, both the software within the employee's mobilityclient and the software executing on the mobility server implement thesame mathematical function to compute an authentication result. Forexample, the software on the employee's mobility client may compute theauthentication result as a function of the user ID, password, and/or anyother authentication data that the recipient has set up beforehand withthe mobility server. The same mathematical function operating on thesame parameters is also computed by the mobility server.

When the mobility server receives the authentication result computed bythe mobility client software (which may be transmitted to the mobilityserver in an encrypted or unencrypted form), the mobility server wouldcompare the received authentication result with the authenticationresult that the mobility server has internally calculated. If the twoauthentication results match, authentication is deemed to be successfuland the bearer channel between the mobility server and the mobilityclient may be established.

In an embodiment, the mathematical function employed to calculate theauthentication results may also employ a nonce value. For example, themobility server may provide a nonce value to the mobility client as partof the authentication procedure. The use of the nonce value furtherstrengthens data security since such use helps minimize the impact ofreplay attacks.

The above-discussed specific authentication techniques are onlyexamples. It should be kept in mind, however, that authentication may beaccomplished in any reasonable manner, and the use of a user ID, apassword, and/or the aforementioned nonce value may not be required inall situations. What is important is that the identity of the cellularrecipient (instead of or in addition to the identity of the mobilityclient) is confirmed by the mobility server before the mobility serverestablishes the bearer channel between itself and the mobility clientvia the public cellular telephone network.

The features and advantages of various embodiments of the invention maybe better understood with reference to the figures and discussions thatfollow. FIG. 23 shows, in accordance with an embodiment of the presentinvention, a call flow for the cellular recipient authenticationprocedure that takes place when a new telephone call is made by a callerto a recipient via the recipient's enterprise extension number. In thisexample of FIG. 23, the recipient has roamed outside of Wi-Fi coverage(in the case of the dual mode Wi-Fi/cellular mobility client) or therecipient is not at his desk and has specified for the call to beforwarded to his mobility client.

With reference to FIG. 23, caller A employs a signaling protocol toinform mobility server 2320 that caller A wishes to connect with thetelephone at the extension associated with recipient B. For example,caller A may call the telephone number 111-222-3333 that is associatedwith the enterprise, and has further entered the extension number (suchas 4444) associated with the recipient. The signaling is shown in FIG.23 by reference number 2302.

Mobility server 2320, realizing that the call needs to terminate via thepublic network, contacts the mobility client of recipient B viasignaling paths 2304 and 2306 through the mobility client network to themobility client of recipient B.

Furthermore, the attempt to establish contact with recipient B alsostarts the authentication period, shown in FIG. 23 by reference number2314. If proper authentication 2308 is received within the allottedauthentication period 2314, mobility server 2320 then establishes abearer channel to recipient B's mobility client via the cellularnetwork. In an embodiment, the authentication requires activeparticipation by the user to provide confidential authentication data tothe mobility server (via the mobility client). As such, the call isauthenticated with the person, and not only with the handset.

The bearer channel is shown by reference number 2310 in FIG. 23,depicting the connection between mobility server 2320 to the publicnetwork and to recipient B's mobility client. The establishment of thebearer channel between mobility server 2320 and recipient B's mobilityclient completes the end-to-end bearer channel from caller A torecipient B.

When the call (which might be either a data call or voice call) iscompleted, either caller A or recipient B may provide the hang up signal(hang up signal 2312 is provided by caller A in the example of FIG. 23),resulting in the call being terminated (2314). Notice that, in thiscase, unless proper authentication 2308 is received within the allottedauthentication period 2314, the bearer channel between caller A andrecipient B is not completed. As part of the authentication procedure, anonce value may be provided (e.g., as part of signaling 2306) ifdesired.

FIG. 24 shows, in accordance with an embodiment of the presentinvention, a call flow that occurs when the recipient does not answerthe cellular call. This may occur when the cellular recipient has nocoverage (either Wi-Fi or cellular) or if the mobility client is turnedoff or if the recipient simply fails to answer the call.

In this case, the voicemail message from caller A is left with theenterprise voicemail box instead of with the public cellular system'svoicemail box, thereby simplifying voicemail management and reducingconfusion for both the caller and the recipient. With reference to FIG.24, caller A informs mobility server 2320 that it wishes to establish acall to recipient B by dialing the enterprise's telephone number,followed by the recipient's extension number. This is shown by referencenumber 2402 in FIG. 24.

Mobility server 2320 then realizes that it needs to complete the call torecipient B via the cellular network (for example, when mobility server2320 knows that recipient B has roamed outside of Wi-Fi coverage).Mobility server 2320 then makes a call to the cellular network (2404)and since the recipient does not answer, the signaling portion of thecall is established into the cellular network voicemail after some time,as shown by reference number 2406.

When mobility server 2320 attempts to contact the recipient, it alsostarts the authentication period 2314 and waits for the properauthentication from the recipient. During this time, caller A does nothave an end-to-end bearer channel to the voicemail box of the publiccellular telephone network and, therefore, does not even know that thepublic cellular network's voicemail is involved. During thisauthentication period, caller A may for example hear a pre-recordedmessage from mobility server 2320 asking caller A to wait while anattempt is made to find recipient B.

Since recipient B does not answer the call, proper authentication is notreceived by mobility server 2320 within authentication period 2314.Accordingly, mobility server 2320 does not complete the bearer channelleg between itself and the voicemail box in the public cellular network.Instead, mobility server 2320 completes the call by creating a bearerchannel between itself and the recipient's enterprise voicemail box,resulting in an end-to-end bearer channel between caller A and therecipient's enterprise voicemail box. This is shown by reference 2412 inFIG. 24. The caller A may now begin to record a voicemail message in theenterprise voicemail box of recipient B.

At some point in time, caller A completes the call and indicates tomobility server 2320 that it hangs up (2414), resulting in mobilityserver 2320 terminating the call.

As can be appreciated from FIG. 24, in the case where the recipient doesnot answer the cellular call, a call to the recipient's enterpriseextension will result in the voicemail message being left in therecipient's enterprise voicemail box even though mobility server 2320had attempted to complete the call via the public network. From theuser's perspective, the voicemail message is left in the propervoicemail box (i.e., the enterprise's voicemail box of recipient B) thatis associated with the telephone number dialed (the recipient'senterprise extension in this case), thereby reducing confusion andsimplifying voicemail management.

In some cases, the call to the recipient's mobility client may beinitiated by the mobility server itself. The situation may occur, forexample, if the recipient is a party to a conference call that was setup beforehand, and the mobility server is attempting to establishcontact with all conference call participants when the time comes toestablish the conference call. Again, if the cellular recipient cannotbe authenticated, mobility server 2320 does not allow the bearer channelto be completed to the recipient's mobility client, thereby protectingthe confidentiality of the information.

With reference to FIG. 25, mobility server 2320 begins by calling (2502)the public cellular network to attempt to establish via the publiccellular network a call to recipient B (2504). As part of the attempt toestablish contact with recipient B, mobility server 2320 starts thecountdown for the authentication. This is shown by reference number 2314in FIG. 25.

If the recipient is successfully authenticated during the allottedauthentication period 2314 (the recipient authentication is shown byreference number 2508), mobility server 2320 then establishes a bearerchannel to recipient B via the cellular network. This bearer channel isshown in FIG. 25 by reference number 2510. Thereafter, the call (whichmay be voice or data) can proceed between mobility server 2320 andrecipient B.

When the call is completed, either mobility server 2320 or recipient Bmay hang up, thereby terminating the call. This is shown by referencenumber 2512 in FIG. 25.

As can be appreciated from FIG. 25, if the recipient B fails toauthenticate within the allotted authentication period 2314, the call torecipient B does not proceed, and data-voice security is protected. Inan embodiment, if the authentication does not arrive within theauthentication period 2314, mobility server 2320 may connect the bearerchannel to the recipient's enterprise voicemail box. However, this is animplementation choice.

As can be appreciated from the foregoing, embodiments of the inventionallow the mobility server to ascertain the identity of the cellularrecipient prior to allowing the call to proceed to the recipient'smobility client. In so doing, the security of the voice call or the datacall is assured even if the recipient's mobility client is lost orstolen, or loaned to another person. That is, unless the authenticationis properly received from the recipient, the fact that an unauthorizedthird party physically answers the call does not automatically result inthe receipt of confidential voice/data information.

Furthermore, the cellular recipient authentication procedure ensuresthat if the recipient does not answer his cellular call, the voicemailmessage is left in the proper voicemail box that is associated with thetelephone number called by the caller. Thus, if the caller calls therecipient's enterprise extension number, the voicemail message is leftwith the recipient's enterprise voicemail box even if, as part of theattempt to complete the call, the mobility server 2320 contacts therecipient's mobility client via the public mobility client numbervoicemail box, voicemail management is improved and user confusion isreduced.

E. REDUCING DATA LOSS IN MEDIA HANDOFFS

1. Background:

With the advent and rapid deployment of Wi-Fi networks, people are usingtheir Wi-Fi enabled devices for data applications like email, internetusage, IM etc. Simultaneously, after years of trials and tribulations,VoIP is maturing as a viable alternative to the legacy telephony.Confluence of these two events is making VOWI-FI (or VOFI) a veryexciting proposition. One of the key requirements for VOFI is seamlesshandoff when moving across WLAN similar to what is available in cellularnetworks. When the device is dual mode (cellular and Wi-Fi capable),then the handoff can happen between Wi-Fi and cellular networks.

2. Summary:

At present, there are no ratified standards for handoff between APs inWi-Fi networks and no deployed products are providing the facility.Also, due to the fact that WLAN and cellular networks are managed bydifferent entities, there is no mechanism to do a handoff between thetwo.

The invention provides mechanisms for roaming/handoff within Wi-Finetworks and handoff between cellular and Wi-Fi network for voice calls.It is assumed that calls on Wi-Fi networks are VoIP calls using SIP,though it doesn't preclude using any other control plane protocol. It isalso assumed that in a typical VoIP network, there exists a SIP proxyserver for call processing a voice/media switching engine for RTP packetprocessing. For simplicity, we assume that both the components residewithin a single server box.

3. Detailed Description:

Following important criteria are used to making a handoff decision:

As far as possible, least expensive network should be used for making,sustaining and switching a voice call. In most of the cases, Wi-Finetwork is preferred choice for this requirement.

When the handoff situation arrives, time taken for the handoff should bereally very small. This requires very early detection for triggeringhandoff and very quick switching.

4. Handoff Scenarios:

a. Handoff within Wi-Fi Network:

When a mobile user roams within a Wi-Fi network, it is attached to onlyone AP at a time. As it moves out of range of that AP, it attaches toanother AP. If a voice call is active when the roaming occurs, therewill be some packet loss because of the time it takes to attach. This ismainly due to the fact that the device gets a new IP address resultingin RTP packet loss. It also results in loss of SIP session maintainedwith a SIP proxy server. IEEE standard 802.11r specifies fast roamingmechanism which allows device preauthentication with all the APsdetected in the neighborhood. However, this does not avoid allocation ofnew IP address.

In order to avoid the problem of losing RTP packet stream, thevoice/media switching device is notified of the impending roamingsituation. The voice/media switch can buffer a few RTP packets while thedevice attaches to the new AP. This notification also prepares the mediaswitch to expect a change of source address for the RTP packets from thedevice. This source address can be stored for a brief period of time andused for sending RTP packets coming from the other device with which thecall is active. In order to prevent any security breach due to addressspoofing or DOS type of attack, the voice switch starts a timer of say30 seconds. Within 30 seconds, the device needs to register the same IPaddress with the SIP server as part of the secure authentication. ThisIP address is sent to the voice/media switch. Voice/media switch thenstops the timer and continues passing voice packets across till the callends. It is assumed that after attaching to the new AP, the time takento acquire new IP address is miniscule and is within the range wherethere is no noticeable glitch in the voice stream for the listeninguser.

There are two methods of notification/detection of AP to AP roaming:

If the device pre-authenticates with one or more APs, it sends theinformation of the APs along with their SSIDs, signal strengths andother information to the server. This will prepare the server for animpending handoff situation. Just before attaching to a new AP, thedevice can send a quick notification to the server.

If the device moves into a zone where signal strength suddenly drops tozero and does not allow the device to send any notification, thevoice/media switch detects loss of periodic RTP traffic and initiatesbuffering the packets destined for the roaming device. When the deviceis detected again, then the buffered voice is played to it while the IPaddress validation continues as described above. This buffered voicecan't be more than 150-200 ms and is discarded if the time it takes toacquire new IP address is huge.

Another mechanism for a seamless handoff when going from one AP toanother is by first doing a handoff to PSTN network and then come backto Wi-Fi. This method assures that when the call leg comes back fromPSTN to Wi-Fi, there is no potential glitch being caused just in casethe device does not get IP address from the AP/WLAN switch or the routerwithin a short period of time. The handoff mechanism between Wi-Finetwork and PSTN network is described in the next section.

b. Handoff between Wi-Fi and Cellular Network:

The primary reason for a handoff from Wi-Fi to PSTN is performed whenthe device moves out of the Wi-Fi range while continuing to be in thecellular range. When the device comes back into Wi-Fi range and staysthere for a good amount of time, the handoff happens from PSTN to Wi-Fi.To fulfill these requirements, the mobile device keeps on monitoring theWi-Fi signal strength as well as keeping track of all the APs it canpotentially attach to. When one or both of these set of data determinesthat there is no good Wi-Fi network to use for the voice call, deviceand server put together needs to initiate a handoff to the PSTN network.In certain cases, even if the Wi-Fi network is perfect, it is possiblethat L3 network (IP in this case) is in a bad shape and incapable offorwarding high priority/time and delay sensitive traffic like voice(RTP) properly. A period L3 QOS test performed between the device andserver provides this data set. Based on the L2 and L3 capability,decision for a handoff is made.

There are two potential cases of Wi-Fi signal depletion and/or loss.

In one case, there is a steady degradation as the mobile user moves awayfrom the access point, and in other the signal drops to zero because theuser has moved to an unreachable area (e.g. an elevator).

In the second case, the signal can suddenly drop to zero or can do sovery quickly.

In order for the server to detect the need for handoff, it needs tohandle both the situations mentioned above. In the first case, when thedevice detects a slow degradation, it notifies the server once a lowsignal threshold is reached. This notification will go on the Wi-Finetwork over the control plane being used by SIP. Once the serverreceives this notification, it initiates a handoff and creates a callleg through the PSTN and cellular network.

In the second case, when the signal strength just drops to zero, thedevice does not get a chance to send any notification for the server toinitiate a handoff. In such situation, server relies on the data/mediaplane to determine loss of Wi-Fi. When the voice call is active,periodic RTP packets are received by the server. When there is no Wi-Fisignal, RTP packets would not be received by the server. Lack of arrivalof a finite number of consecutive packets triggers the handoffinitiation to PSTN leg. This holds true even in case of silence where atypical endpoint would send less, infrequent packets during persistentsilence. In this proposal, silence suppression is not used but VAD/CNGpackets are sent out with the same periodicity as regular voice packets.

When the mobile device roams back into a Wi-Fi network and attaches toan AP and obtains an IP address, it REGISTERS with the SIP server andstarts sending periodic keep-alive (KA) messages. When the KA messagesare received for a good amount of time (say 60 seconds), then a handofffrom PSTN to Wi-Fi is initiated. This is done provided the informationon L2 and L3 QOS is considered handoff-worthy.

Features and advantages of the present invention may be betterunderstood with reference to the figures and discussions that follow.

As mentioned above, an issue facing users in the prior art relates todisruption that may occur during wireless communication. During atelecommunication session (e.g., voice communication, audio streaming,video streaming, and/or financial information streaming), undesirableinterruptions may occur resulting in loss of data. Generally, when thetelecommunication device being employed is stationary, there may beinsignificant interruptions. However, when the telecommunication deviceis being moved from one coverage area to another, signal levels maydeteriorate and cause the telecommunication session to be disrupted,resulting in a negative telecommunication experience.

Consider the situation wherein, for example, a user of a mobiletelecommunication device is participating in a telecommunicationsession. During the telecommunication session, the user of the mobiletelecommunication device may roam outside of a wireless coverage area(e.g., wireless access point).

To facilitate discussion, FIG. 26 show a prior art simple block diagramof access points connected to different controllers. In the prior art,each coverage area may be managed by an independent wireless LANcontroller. In an example, a first access point 2602 may be connected toa controller 2604 and a second access point 106 may be connected to adifferent controller 2608. Controller 2604 and controller 2608 areindependent of one another and are not configure to communicate with oneanother even though a mobile telecommunication 2610 device may be ableto communicate with both access points (access point 2602 and accesspoint 2606).

When the user of mobile telecommunication device 2610 moves from thecoverage area supported by first access point 2602 to the coverage areasupported by second access point 2606 (as shown by a path 2612), mobiletelecommunication device 2610 may have to disconnect from first accesspoint 2602 before creating a new connection with second access point2606. In an example, the user of mobile telecommunication device 2610may have to disconnect (e.g., hang up) from first access point 2602 (viaan IP address from IP address space 2614) and may have to redial to bereconnected with the receiving party via second access point 2606 (viaan IP address from IP address space 2616).

The inability for the two controllers of the two access points tocommunicate with one another to enable a seamless handoff may causedisruption to the telecommunication session and provide a negativetelecommunication experience to both parties of the telecommunicationsession.

FIG. 27 shows a simple prior art block diagram of access points linkedto an interconnected set of controllers. A set of access points (2702and 2704) is connected to a controller 2706. Even though the accesspoints may be of different standards and may not communicate directlywith one another, controller 2706 may have a transcoder that may enablethe two access points (2702 and 2704) to communicate with one another.In an example, as a user of a mobile telecommunication device 2708 roamsfrom access point 2702 to access point 2704 (as shown by a path 220),controller 2706 may be able to transfer mobile telecommunication device2708 to access point 2704 without changing IP address.

Further, if mobile telecommunication device 2708 is only enabled withone transceiver, mobile telecommunication device 2708 may only be ableto connect with one access point at a time. Therefore, telecommunicationdevice 2708 may have to disconnect from access point 2702 beforeconnecting to access point 2704, creating a gap in the telecommunicationsession. During the gap, IP packets that may have already been sent maybe discarded since the destination (e.g., mobile telecommunication 2708)may be unavailable. As a result, mobile telecommunication device 2708may not receive all incoming IP packets. Although the gap is usually notlarge during handoff between access points of the same controller, theloss of IP packets may cause some disruption in the telecommunicationsession. In an example, during a telephone conversation, the disruptionmay cause a “choppy” voice quality.

In a further example, if the user of mobile telecommunication device2708 continues to roam (as shown by a path 2722) and enters the coveragearea supported by access point 2710, which is managed by a controller2712, controller 2706 may be able to perform a handoff to controller2712. Although a handoff is possible between two interconnectedcontrollers, a disruption may generally occur. In an example, controller2706 may be associated with an IP address from IP address space 2714 andcontroller 2712 may be associated with an IP address from IP addressspace 2716. Thus, when handoff occurs, the connection with IP addressfrom IP address space 2714 may be disconnected and another connectionmay be established with IP address from IP address space 2716 resultingin loss of IP packets (e.g., data loss).

Event if the set of controllers may be configured to perform handoffwithout creating a telecommunication session with a new IP address, thelatency that may exist during the handoff between two access points ondifferent controllers tends to be greater than the latency that mayexist in a transfer between two access points on the same controller.One reason is that the transfer between two controllers tends to gothrough both controllers.

In an example, a user may be roaming while watching a boxing match onhis Wi-Fi mobile telephone. While roaming, the user may be moving fromone access point to another. Each time the user moves into a coveragearea supported by an access point that is managed by a differentcontroller, the user may have to reconnect with a new IP address.Although the handoff is possible, there is usually more latency that mayoccur since IP address is changing. Thus, each time the user losesconnection, the user generally does not receive the missing IP packetsthat may have been sent while the user was disconnected. As a result,the telecommunication session may be unclear and/or distorted during thehandoff.

Further, this method of interconnected controllers is generallyimplemented utilizing proprietary protocol. Accordingly, for the handoffto be performed, the mobile telecommunication devices, the accesspoints, and even the controllers may need to be provided by the samesupplier or collaborating suppliers. The hardware limitation mayrestrict the choices available to an enterprise that may want to deploya wireless communication system with handoff capability. In addition,the cost associated with switching hardware may be a significant factorthat may further limit the flexibility of the enterprise to update itstelecommunication infrastructure.

In accordance with embodiments of the present invention, there isprovided a wireless communication system solution that includes aseamless wireless handoff that may be implemented by an enterprise. Inaccordance with one aspect of the present invention, the inventorsherein realized that data loss that may occur during a handoff betweentwo wireless access points may be substantially eliminated by bufferingthe IP packets being transmitted during the handoff. Embodiments of theinvention enable the wireless communication system to incorporate such abuffer system. Embodiments of the invention further include implementingthe buffer system on a mobility client and a mobility server.

Consider the situation wherein, for example, the user of a mobilityclient is communicating with a user on an external telecommunicationdevice via a wireless access point. During the telecommunicationsession, the user of the mobility client may roam.

In an embodiment of the invention, the mobility client may include amobility manager client module capable of communicating with a mobilitymanager server module located on the mobility server. As the user of themobility client roams, the mobility manager client module may detect(via a detecting mechanism) that the signal strength is deterioratingand that another access point is available, which may offer a strongersignal. In addition, the mobility manager client module may notify themobility manager server module when a handoff is forthcoming.

In an embodiment, the wireless communication system may include a voiceengine module and a media server and voice quality engine module capableof buffering outgoing IP packets. The purpose of the buffer system is toprepare for potential IP packets loss as the user roams from one accesspoint to another.

In an embodiment, after a new connection has been established with anaccess point that does not require an IP address change, the voiceengine module and the media server and voice quality engine module mayremove the buffer system and begin forwarding and synchronizing theincoming IP packets. As a result, a seamless transition may occur withsubstantially no IP packets loss.

In another embodiment, the media server and voice quality engine modulemay buffer the incoming IP packets until the mobility client hascompleted the registration process, if an IP address change hasoccurred. In addition, the mobility server may activate anauthentication timer. The authentication timer may be configured toprovide a pre-defined time limit for the owner (mobility client) of theIP packets to register with the mobility server.

In an embodiment, if registration and authentication process occur in atimely manner (within the pre-defined time limit), the voice enginemodule and media server and voice quality engine module of the mobilityserver may synchronize the incoming IP packets and continue theirfunctions of exchanging IP packets. If the registration andauthentication process does not happen within the preset time limit, themobility server may refuse the IP packets coming from the new accesspoint. The additional registration and authentication process providethe wireless communication system with protection against potentialattacks, such as spoofing.

In an embodiment, to prevent disruption to the telecommunication sessionwhen the registration and authentication process is not successful, aconnection may be made to the mobility server through a cellularnetwork.

The features and advantages of the present invention may be betterunderstood with reference to the figures and discussions that follow.

FIG. 28 shows, in an embodiment of the invention, a block diagram of auser on a mobility client roaming between two access points managed by asingle controller. Consider the situation wherein, for example, a userof a mobility client 2816 is conversing with a user of an outsidetelephone 2802. The IP packets (e.g., voice packets) may traversethrough a carrier network 2860 to connect with a user on mobility client2816 within an enterprise 2800. The IP packets may be first received bya PBX 2810. PBX 2810 may then route the IP packet through an internal IPnetwork 2812 (e.g., intranet) to mobility server 2818. From mobilityserver 2818, the IP packets may be sent to mobility client 2816 via IPnetwork 2812 and an access point 2862 (as shown by a path 2892).

During the telecommunication session, the user of mobility client 2816may roam from access point 2862 to an access point 2861 (as shown by apath 2890). In this example, access point 2862 and access point 2861 maybe managed by the same controller. Thus, both access points may sharethe same IP address space, not requiring a new IP address for themobility client.

As the user of mobility client 2816 move toward access point 2861, amobility manager client module 2874 in mobility client 2816 may bemonitoring the signal levels and may be communicating the signal levelchanges to a mobility manager server module 2884 in mobility server2818. In an embodiment, mobility manager client module 2874 may beconfigured to receive and evaluate current state of connectivity withinformation such as signal strength data and other parameters to detectimminence of handoffs and to make handoff decisions. In an embodiment ofthe invention, mobility manager server module 2884 of mobility server2818 may be configured to receive and store connectivity information ofmobility client 2816.

Since mobility manager client module 2874 is aware of the Wi-Fiinfrastructure, mobility manager client module 2874 may realize that ahandoff may be possible in order to receive better connectivity. In anexample, the signal level provided by access point 2862 may be weakeningwhile the signal level provided by access point 2861 may be gettingstronger. As a result, both mobility client 2816 and mobility server2818 may begin to prepare for a potential handoff.

To prepare for the handoff, mobility manager client module 2874 mayinform call control client module 2872 that a handoff is possible. Asaforementioned in FIG. 10, a call control client module 2872 may beconfigured to manage outgoing data and incoming data of mobility client2816. Call control client module 2872 may notify a voice engine module2870 to begin buffering the IP packets that may be sent out to mobilityserver 2818.

In an embodiment, to perform the buffering, voice engine module 2870 mayinclude a client data storage 2878 and a client buffer timer 2876.Client data storage 2878 may be configured to buffer outgoing IP packetsof mobility client 2816 when a handoff is imminent. Client buffer timer2876 may be configured for the duration that client data storage 2878has buffered the outgoing IP packets. If the duration exceeds apredetermined duration, client data storage 2878 may discard theoutgoing IP packets that have been buffered, to prevent transmission ofextensively delayed data, in an embodiment. The predetermined durationmay depend upon the characteristics of the outgoing IP packets. In anexample, if the outgoing IP packets are voice data, the length of thepredetermined duration may be 200 ms or less.

Meanwhile, mobility manager server module 2884 may inform a call controlserver module 2882, which is configured to perform functions relating toestablishing telecommunication session, that a handoff is possible. Inan embodiment, call control server module 2882 may inform a media serverand voice quality engine module 2880 through a resource manager module2886 to begin buffering the IP packet that may be received from outsidetelephone 2802.

In an embodiment, media server and voice quality engine module 2880 mayinclude a server data storage 2888 and a server buffer timer 2892.Server data storage 2888 may be configured to buffer outgoing IP packetsto mobility client 2816 when a handoff is forthcoming. Server buffertimer 2892 may be configured for the duration that server data storage2888 has buffered outgoing IP packets to mobility client 2816. If theduration reaches a predetermined duration, server data storage 2888 maydiscard the outgoing IP packets that have been buffered, to preventtransmission of extensively delayed data, in an embodiment.

Once one or more criteria (e.g., signal strength, channel loading,and/quality of communication) have been met, mobility client 2816 maydisconnect from access point 2862 and establish a connection with accesspoint 2861. Mobility server 2818 may now route the telecommunicationsession to mobility client 2816 through IP network 2812 and access point2861 (as shown by a path 2894) to establish a telecommunication sessionbetween mobility client 2816 and outside telephone 2802

Mobility manager client module 2874, after recognizing that the handoffhas completed, may notify mobility manager server module 2884. Uponreceiving the notification, the mobility server 2818 may begin to sendthe buffered IP packets to mobility client 2816. At the same time,mobility client 2816 may begin to send its buffered IP packets also.Upon receiving the IP packets, both mobility server 2818 and mobilityclient 2816 may perform synchronization to determine which incoming IPpackets have not been previously received.

Although an IP address change has not occurred during the handoff (sinceboth access points 2861 and 2862 are managed by the same controller), agap may exist while the handoff occurs. To address the gap issue, thesynchronization of IP packets by both mobility server 2818 and mobilityclient 2816 may ensure that IP packets are not lost during the handoff.Thus, the transition may appear seamless to both parties.

FIG. 29 shows, in an embodiment of the invention, a block diagram of auser on a mobility client roaming between two access points that may bemanaged by two different controllers. The embodiment described in FIG.29 is similar to the embodiment described in FIG. 28 except, a change ofIP address may require the mobility client to register with the mobilityserver through the new access point.

Consider the situation wherein, for example, the user of mobility client2816 connected to access point 2861 begins to roam outside of enterprise2800 (as shown by a path 2900) toward an access point 2902. In thisexample, access point 2902 and access point 2861 may be managed bydifferent controller. Thus, both access points do not share the same IPaddress space and the mobility client will be forced to change its IPaddress.

As aforementioned, mobility manager client module 2874 and mobilitymanager server client module 2884 may be sharing connectivity statusdata. As the user of mobility client 2816 roams away from access point2861 and toward access point 2902, mobility manager client module 2874may notify mobility manager server module 2884 of an imminent handoff.Thus, both mobility client 2816 and mobility server 2818 may begin toprepare for a potential handoff. Once one or more criteria (e.g., signalstrength, channel loading, and/quality of communication) have been met,both voice engine module 2870 and media server and voice quality enginemodule 2880 may begin buffering outgoing IP packets.

Once mobility client 2816 disconnects from access point 2861 andestablish a connection with access point 2902. At this point, mobilitymanager client module 2874 may notify mobility manager server module2884 that a connection has been created with access point 2884. Inaddition voice engine 2870 may end its buffer timer and begin sendingthe buffered IP packets to mobility server 2818.

In an embodiment, if a new connection with access point 2902 requires anew IP address, then mobility client 2816 may have to re-register withmobility server 2818 through the new access point. In an embodiment, themobility server 318 may buffer the incoming IP packets from mobilityclient 2816 until the registration process has completed.

In an embodiment, media server and voice quality engine module 2880 ofmobility server 2818 may include an authentication timer 2990.Authentication timer 2990 may be configured to measure the amount oftime mobility client 2816 may take to register with mobility server 2818when a change of IP address has occurred. If mobility client 2816 doesnot register within an allowed authentication time limit, mobilityserver 2818 may reject the handoff, to prevent potential securityproblems.

If the registration and authentication occur within the time limit, thenmobility server 2818 may allow the buffered IP packets to flow to thedesignated party. In the prior art, a change in IP address generallyresult in a significant gap during which data loss may occur. To addressthe gap issue, the synchronization of IP packets by both mobility server2818 and mobility client 2816 may ensure that IP packets are not lostduring the handoff. Thus, the transition may appear seamless to bothparties.

Mobility server 2818 may now route the telecommunication session tomobility client 2816 through IP network 2812, a firewall 2920, anInternet 2950 and access point 2902 (as shown by a path 2904) toestablish a telecommunication session between mobility client 2816 andoutside telephone 2802.

In an embodiment, if the user of mobility client 2816 is not able toauthenticate within the pre-defined time limit, a cellular connectionthrough a cellular network 2962 (as described in FIGS. 12 and 13)between mobility server 2818 and mobility client 2816 may be establishedto prevent disruption in the telecommunication session. The switch to acellular connection may provide sufficient time for mobility client 2816to attempt another authentication/registration.

FIG. 30 shows, in accordance with one or more embodiments of the presentinvention, a call flow of a roaming scenario that does not involve an IPaddress change (as discussed in FIG. 28).

An establish connection 3002 between outside telephone 2802 and mobilityclient 2816 via mobility server 2818 may exist. Established connection3002 may include two legs 3004 and 3006. Leg 3004 is associated with theconnection between outside telephone 2802 and mobility server 2818. Inan example, outside telephone 2802 may be connected to mobility server2818 via carrier network 2860, PBX 2810, and IP network 2812. Leg 3006may be associated with the connection between mobility client 2816 andmobility server 2818. In an example, mobility client 2816 may beconnected to mobility server 2818 via IP network 2812 and access point2862.

During the telecommunication session, data about the connectivity statusof mobility client 2816 may be continuously communicated to mobilityserver 2818. As the user of mobility client 2816 roams from access point2862 to another access point 2861, mobility manager client module 2874may send a notification to mobility manager server module 2884 that ahandoff may be possible (step 3010). At a next step 3012, mobilitymanager server module 2884 may forward the notification to call controlserver module 2882. Call control server module 2882 may forward thenotification call to media server and voice quality engine module 2880via resource manager 2886 (steps 3014 and 3016).

At a next step 3018, upon receiving the notification, media server andvoice quality engine module 2880 may begin to buffer the incoming IPpackets from outside telephone 2802. Meanwhile, mobility manager clientmodule 2874 may notify voice engine module 2870 via call control clientmodule 2872 to begin buffering the outgoing IP packets (step 3020).Throughout this transition, both voice engine module 2870 and mediaserver and voice quality engine module 2880 may still be sending IPpackets. However, to ensure that the weakening signal level does notinadvertently cause IP packets loss, IP packets may be buffered forlater synchronization.

Once one or more criteria (e.g., signal strength, channel loading,and/quality of communication) have been met, call control client module2872 will acknowledge the connection with access point 2861 (step 3024).At around the same time, call control client module 2872 may notifymobility manager client module 2874 that the roaming period hasterminated. At a next step 3030 mobility manager client module 2874 maythen forward the notification (i.e., that roaming has terminated) tomobility manager server module 2884. Upon receiving the notificationmobility manager server module 2884 may notify call control servermodule 2882 that roaming has completed (step 3032). Upon receiving thenotification, call control server module 2882 may notify media serverand voice quality engine module 2880 via resource manager module 2886that roaming has completed (steps 3034 and 3036). At a next step 3026,voice engine module 2870 of mobility client 2816 may begin sending thebuffered IP packets to media server and voice quality engine module 2880through the new access point 2861. Upon receiving the IP packets, mediaserver and voice quality engine module 2880 may in turn send thebuffered IP packets to voice engine module 2870 (3028). In anembodiment, both voice engine module 2870 and media server and voicequality engine module 2880 may first synchronize the incoming IP packetsagainst the received IP packets to ensure that IP packets have not beenlost.

The new connection 3038 may now include legs 3004 and 3040. Leg 3004 hasnot changed and still includes the media traffic from outside telephone2802 to mobility server 2818 through carrier network 2860, PBX 2810, andIP network 2812. Leg 3040 has replaced leg 3006 and now includes mediatraffic flowing from mobility server 2818 to mobility client 2816 via IPnetwork 2812 and access point 2861.

FIG. 31 shows, in accordance with one or more embodiments of the presentinvention, a call flow of a roaming scenario that involves IP addresschange (as discussed in FIG. 29).

An establish connection 3102 between outside telephone 2802 and mobilityclient 2816 via mobility server 2818 may exist. Established connection3102 may include two legs 3104 and 3106. Leg 3104 may be the sameconnection as leg 3004 and may be associated with the connection betweenoutside telephone 2802 and mobility server 2818. Leg 3006 may beassociated with the connection between mobility client 2816 and mobilityserver 2818 via access point 2861.

Step 3108 through step 3120 are similar to step 3008 through step 3020of FIG. 30. In other words, mobility client 2816, which has beencommunicating its connectivity status with mobility server 2818, maynotice that signal level coming from access point 2861 may be weakeningand that signal level coming from access point 2902 may be gettingstronger. Mobility client 2816 may notify mobility server 2818 toprepare for a handoff (steps 3110, 3112, 3114, and 3116). Both mobilityclient 2816 and mobility server 2818 may begin buffering outgoing IPpackets (steps 3118 and 3120).

Once one or more criteria (e.g., signal strength, channel loading,and/quality of communication) have been met, call control client module2872 will acknowledge the connection with access point 2902 (step 3122).Since access point 2861 and access point 2902 are associated withdifferent controllers, the new connection may involve an IP addresschange.

At a next step 3124, voice engine module 2870 may begin sending thebuffered IP packets to media server and voice quality engine module 2880through the new access point 2902 via Internet 2950, firewall 2920, andIP network 2812. Upon receiving the IP packets, media server and voicequality engine module 2880 may begin an authentication timer andbuffered the incoming IP packets from voice engine module 2870 (step3126).

At around the same time, call control client module 2872 may notifymobility manager client module 2874 that the roaming period hasterminated. Mobility manager client module 2874 may then forward thenotification to mobility manager server module 2884.

Meanwhile, mobility manager client module 2874 may register withmobility manager server module 2884 through the new access point 2902,at a next step 3134. Upon receiving the registration, mobility managerserver module 2884 may perform authentication. If the registration andauthentication process does not complete in a timely manner (i.e.,within the allowed authentication time limit), mobility server 2818 mayreject the handoff.

However, if the registration and authentication process occur within thetime limit, then mobility manager server module 2884 may notify callcontrol server module 2882 that roaming has completed (step 3138). Uponreceiving the notification, call control server module 2882 may notifymedia server and voice quality engine module 2880 via resource managermodule 2886 that roaming has completed (steps 3140 and 3142). Uponreceiving the notification, at a next step 3144, media server and voicequality engine module 2880 may synchronize the incoming IP packets frommobility client 2816 against the received IP packets before forwardingthe IP packets to outside telephone 2802. Around the same time, voiceengine 2870 may be performing similar synchronization for incoming IPpackets from mobility server 2818

The new connection 3148 may now include legs 3104 and 3146. Leg 3104 hasnot changed and still includes the media traffic from outside telephone2802 to mobility server 2818 through carrier network 2860, PBX 2810, andIP network 2812. Leg 3146 has replaced leg 3106 and now includes mediatraffic flowing from mobility server 2818 to mobility client 2816 via IPnetwork 2812, firewall 2920, Internet 2950, and access point 2902.

FIG. 32 shows, in accordance with one or more embodiments of the presentinvention, a buffer scheme.

Consider the situation wherein, for example, a telecommunication sessionhas been established between mobility client 2816 and anothertelecommunication device. The telecommunication session may include, butare not limited to, audio streaming, video stream, and data streaming.In an embodiment, mobility client 2816 may be connected to thetelecommunication via mobility server 2818. During the telecommunicationsession, mobility client may be communicating its connectivity statuswith mobility server via a Wi-Fi access point.

At a first step 3202, voice engine module 2870 of mobility client 2816is exchanging IP packets with media server and voice quality enginemodule 2880 of mobility server 2818.

During the telecommunication session, mobility manager client module2874 may be communicating with mobility manager server module 2884. Ifone or more criteria (e.g., signal strength, channel loading, voicequality, and/or data transmission quality) are met and a handoff isforthcoming, then at a next step 3204, mobility manager client module2874 of mobility client may inform the mobility manager server module2884 of mobility server that a handoff is possible (e.g., another accesspoint and/or a cellular network). Upon receiving the notification,mobility manager server module 2884 may inform media server and voicequality engine module 2880 (via call control server module 2882 andresource manager module 2886) to prepare for a handoff (step 3206).Meanwhile, mobility manager client module 2874 may inform voice enginemodule 2870 to prepare for a handoff (step 3208).

Upon receiving the notification, both voice engine module 2870 and mediaserver and voice quality engine 2880 to buffer the outgoing IP packets(steps 3210 and 3212). In an embodiment, a buffer timer may be initiatedto measure the duration of time for buffering the IP packets. In anembodiment, the mobility client and/or mobility server may not have toperform buffering if IP packets are only been sent in one direction. Inan example, if the mobility client is receiving video transmission fromthe mobility server, then only the mobility server may have to performbuffering. In another example, if the mobility client is sending datatransmission (e.g., email), then the mobility server may not have toperform buffering.

In an embodiment, the buffer timer may expire if a pre-determined periodof time has expired. In an example, if the incoming data is associatedwith a voice call, the length of the predetermined duration may be 200ms or less. If the buffer timer has expired, then the buffered IPpackets may be discarded to prevent transmission of extensively delayeddata that may potentially cause confusion.

Meanwhile, if the handoff is imminent, mobility client 2816 maydisconnect from first access point 2861 and make a new connection withthe new access point 2902. At a next step 3214, voice engine 2870 ofmobility client 2816 may begin sending the IP buffered packet via accesspoint 2902 to media server and voice quality engine 2880 of mobilityserver 2818.

However, if the method determines that the incoming IP packets are beingsent by an unregistered mobility, media server and voice quality engine2880 may buffer the incoming IP packets until registration hascompleted. In addition, the media server and voice quality engine 2880may begin an authentication timer, which may be configured to measurethe time mobility manager client module 2874 takes to register, in anembodiment (step 3216).

At around the same time, at a next step 3218, mobility manager clientmodule 2874 may register with the mobility manager server module 2884 ofmobility server 2818. Upon receiving the registration, mobility managerserver module 2884 may perform authentication. If the registrationcompletes within a pre-defined time limit, then at a next step 3220,mobility manager server module 2884 may inform media server and voicequality engine 2880 that registration has completed. Upon receiving thenotification, media server and voice quality engine 2880 may begin toaccept the incoming IP packets from voice engine module 2870.

At around the same time, at a next step 3222, mobility manager clientmodule 2816 may inform voice engine module 2870 that registration hascompleted successfully.

At a next step 3224, the IP packets are exchanged and synchronized andthe telecommunication session between the mobility client and the othertelecommunication device may continue.

Referring back to step 3216, if the registration and authentication doesnot complete in a timely manner (e.g., pre-determined time), then theauthentication timer may expired and mobility server 2818 may reject thehandoff, to prevent security problems such as, for example, addressspoofing.

The method described in FIGS. 26-32 is not limited to only a Wi-Fi toWi-Fi handoff. Instead, the discussions are meant as examples and theinvention is not limited by the specific application presented. In anembodiment of the invention, the method may also be applied in otherhandoff scenarios, including, but are not limited to, from a Wi-Finetwork to a cellular network, from a cellular network to a Wi-Finetwork, and from one cellular network to another.

As can be appreciated from the forgoing, one or more embodiments of thepresent invention provide a wireless communication system that employs amultiple network arrangement that can be managed by an enterprise toprovide a seamless transition between wireless access points. Also, thewireless communication system includes a mobility client and mobilityserver capable of interacting with one another to determine when ahandoff is possible, enabling both the mobility server and mobilityclient to prepare for the transition. Further, the wirelesscommunication system enables the implementation of a buffering systemthat may prevent the loss of IP packets during a handoff, thus resultingin an uninterrupted telecommunication session. In addition, the wirelesscommunication system reduces the cost associated with changes toequipments (e.g., network equipments and telecommunication devices) bybeing independent of operating system, brands, and/or models. Moreover,the wireless communication system further enables a smooth transitionbetween networks when a handoff between two wireless access points isnot possible.

F. SELECTING NETWORK STACK FUNCTIONS IN HARDWARE FOR A MEDIA STREAMPROCESSING DISTRIBUTED SYSTEM

1. Background

Conventionally, a distributed system includes a software network stackfor processing all received and transmitted packets on a networkinterface. Receive packets must be classified by inspection of headerfields, and processed according to any rules associated with theclassification. Transmit packets must be processed to ensure packetheader fields are set correctly. These functions are performed at morethan one layer in the network stack. Processing a classified packetinvolves application of filter rules to drop or accept the packet,perform accounting, and application of destination or forwarding rulesto dispatch the packet to a processing engine via an internal messagebus. Network stack functions must be fully implemented to handle bothcontrol and media packets.

When using a general purpose processor or specialized network processorto perform network stack functions for a distributed system, problemswith performance and cost are common. When designing with a generalpurpose processor, a high speed processor is required meet performancerequirements and still, typically, can not reach line-rate performance.When designing with a network processor, performance requirements areachieved but a small-scale distributed system, one with most mediaprocessing engines not present, is burdened by a high initial cost. Thecost problem is compounded when the system requires redundantinterfaces. Additionally, system network access is not transparent tothe application software, requiring proprietary network accessinterfaces. This adds significant complexity (i.e. cost) to thesoftware, and limits portability.

A better network interface solution is one capable of transparentlyperforming select network stack functions in low-cost hardware for thespecific purpose of classifying, filtering and dispatching receivedEthernet packets to processing engines, and final manipulation of selectheader fields in transmitted Ethernet packets. Packets not classified bythe hardware are forwarded to a control processing engine utilized toperform non-time critical network stack processing. Using an Ethernetpacket interface between the hardware and processing engines, thissolution is transparent to software, allowing applications to utilizecommon POSIX standard network and maintain portability to other systems.The system network stack is logically running some performance-criticalfunctions in the network interface hardware for media streams, and allother network stack functions, for the small percentage of packets whichare not media packets, are running in software on a general purposeprocessor.

2. Summary

A distributed multi-processor system design using low-cost hardware toimplement select IP stack functions can achieve high levels of systemperformance and scalability at minimal cost and hardware complexity. Themethod provides for packet identification based on UDP or TCP transporttype and port number, filtering and discarding undesirable packets, andforwarding of required packets to one of several processing engines.Classification information, written into the packet by the hardwareclassifier, is used to explicitly associate a received packet with aregistered application on the processing engine; this allows theprocessing engine to avoid invoking IP stack functions already performedin hardware.

Special purpose network interface hardware is required for optimaldesign of a distributed system dedicated to media stream processing.This hardware offloads receive and transmit packet processing from thecontrol processing engines, media processing engines and digital signalprocessors (DSP), such that cost effective processor and DSP devices maybe selected. The purpose of the hardware is to classify media streampackets for direct delivery to media processing engines, and deliveryall other control traffic to a control processor. For transmit packets,the hardware performs final packet header processing, setting systemvalues in select header fields. Logically, the system network stackfunctions are distributed, or split, between the hardware, the controlprocessors, and the media processing engines. The hardware issufficiently flexible to additionally perform specialized, detailed,filtering to effectively provide a hardware firewall.

Advantages of the invention include low cost, high performance, andmaintenance of POSIX standard interfaces for application programming.These advantages enable a distributed system design to meetcost-of-goods (COGs) goals, system performance and scalabilityrequirements. By using POSIX standard network interfaces, initial andcontinuing engineering cost and resource requirements are not increased.Given the high complexity and cost of software development, and the highcost to provide a quality, defect free software release, this inventionprovides a significant advantage over far more complex alternatives.

3. Overall Architecture

The network interface hardware design for a distributed system in acost-conscious marketplace presents significant challenges. The foremostchallenge is cost. It is widely recognized that a functionally completesystem, even one with exceptional flexibility or performancecharacteristics, is not viable if cost results in sales pricesignificantly higher than market demand. Cost is multiplied by therequirement for redundancy, whether using 802.1D/w Spanning TreeProtocol or 802.3ad Multi-Link Trunking, as two network interfaces arerequired.

Use of an FPGA-based design meets the low-cost requirements, providesflexibility sufficient to implement selected IP functions per the systemdesign, allows for future requirements, and provides line-rateperformance. Once the FPGA hardware has classified a packet andperformed the defined IP functions, the decision information is providedwith the classified packet when it is dispatched, or distributed, to thespecified processing engine. When this action is necessary, the Ethernettype field is set to indicate the IP functions which have beenperformed, and those IP functions required to be performed next. Theprocessing engine, upon receiving the classified packet, skips IPclassification functions, including filter actions, already performedinserts the packet into the network stack at the indicated point.

The system architecture consists of several blocks, each with one ormore internal blocks. The system network interface hardware requires oneor two Ethernet interfaces, depending on the redundancy requirement. Thepacket dispatch hardware interconnects all control and media processingengines and the system network interface(s). Control processing enginesare designed to provide system management and control service accesspoints. Media processing engines are designed to provide low-latency,high-capacity media processing, and may include several DSPs or securityco-processors as required to meet performance specifications.

4. Receive Media Packet Processing

Received packet header processing is performed by the system networkinterface hardware as packet data starts to enter the system. Thedestination MAC is inspected to verify the packet is destined to thissystem. Since the system operates in cut-through mode, the MAC frame CRCis not checked next. The MAC checksum is assumed to be a valid checksumas the packet data is received and additional network stack functionsare invoked. The Ethernet type is inspected, and non-IP packets arehandled by control packet processing.

For IP packets, processing is performed to differentiate media packetsfrom control packets. First, the destination IP address is inspected toverify the packet is destined for local delivery. IP packets notdestined to this system, or which match a drop filter entry, are countedand discarded. The IP transport protocol type is checked to be eitherTCP or UDP. After compensating for length variations due to IP headeroptions, and TCP header options if necessary, the transport protocoldestination port information is initially used for streamdemultiplexing. The port is used as an index, or key, to a media streamtable. This media stream table contains only media stream portdefinitions for the sole purpose of separating media packets fromcontrol packets. If a packet is not classified as a media packet, it isforwarded to a control processor for the remainder of the network stackprocessing. Media packets, if not requiring further demultiplexing, areprocessed per the media stream table match rules. These rules indicatecount and drop, forward to media processing engine, or demultiplex perMedia Service Access Point (MSAP) service rules.

MSAP media streams are demultiplexed using the synchronization source(SSRC) field in the Real Time Transport (RTP) or Secure Real TimeTransport (SRTP) header. When the network interface hardware classifiesa media packet by a match with the MSAP port number, the hardwarefurther identifies a selected sub-field within the RTP/SRTP SSRC. ThisSSRC sub-field is used as an index, or key, to the media stream table.As for non-MSAP media streams, these rules indicate count and drop orforward to media processing engine.

Final processing of media streams modifies the packet for delivery todestination and provides information describing which network functionswere performed. This requires changing select fields, including the MACdestination and MAC Ethernet type fields.

5. Receive Control Packet Processing

Any packet not matched by the hardware media stream classifier isdirected to the system control processor. The control processor, bydefinition, handles only management and control traffic, no mediatraffic.

Features and advantages of the present invention may be betterunderstood with reference to the figures and discussions that follow.

FIG. 33 is a prior art logic block diagram in which host processor 3302is employed not only to perform the classification and packet forwardingtasks, but also to perform other host processing tasks, for example, toset up the media stream, to service file transfer protocol (FTP), tosecure shell request, and to manage the hardware box itself. Hostprocessor 3302 receives packets from one or both physical interfaces3304 and 3306. Based on the header information in a received packet,host processor 3302 performs the classification task by, for example,determining the destination MAC address via a table lookup and then bymodifying the packet to update the destination MAC address so that thereceived packet can be forwarded to its destination.

Once updated, host processor 3302 forwards the packet to Ethernet switch3308 to enable the packet to be forwarded to one of media processingCPUs 3310 a, 3310 b, 3310 c, and 3310 d. Generally speaking, mediaprocessing CPUs 3310 a-3310 d perform the digital signaling processing(DSP) functions pertaining to the media stream. Media processingfunctions may include, for example, encoding, decoding, mixing, echocancellation, and the like.

Host processor 3302, in addition to performing the aforementionedclassification and packet forwarding tasks for the media stream packets,also handles the control packets that are received, for example, to setup and tear down calls. Furthermore, host processor 3302 also handlesother processing tasks typically expected of a host processor.Accordingly, only a portion of the processing power of host processor3302 is available for performing the classification and packetforwarding tasks.

For media stream packets, which tend to be highly sensitive to delays,the inability of host processor 3302 to handle the media stream packetsat high speed is an impediment. For example, for streaming audio,streaming video, or for internet telephony or videoconferencingapplications, the media stream packets are highly delay sensitive andneed to be forwarded in a timely manner. In order to achieve the highperformance required by the media stream packets, designers have toresort to high powered host processors. As is known, these high poweredhost processors tend to be expensive and tend to drive up the cost ofthe overall system.

FIG. 34 shows a simplified logic block diagram of a prior artimplementation in which network processors are employed to offload someof the tasks formerly performed by host processor 3302 of prior art FIG.33. Generally speaking, network processors 3402 and 3404 are provided bynetwork processor vendors, who design their network processors to handlea wide range of packets that may be encountered by a router, forexample. Accordingly, network processors 3402 and 3404 tend to be ASIC(application specific integrated circuit) chips designed to run at veryhigh speed.

In a typical network processor, in addition to classification tasks,multiple additional tasks are also provided and enabled. For ageneral-purpose router, the use of a network processor is an improvementover the host-processor-only approach of prior art FIG. 33. However, thenetwork processor approach of prior art FIG. 34 comes at a complexityand cost penalty.

Network processors 3402 and 3404, being general network processors, tendto include functionalities that are highly sophisticated, which enablenetwork processors 3402 and 3404 to handle the needs of ageneral-purpose router that handles a wide range of traffic in additionto the media traffic. Furthermore, network processors 3402 and 3404typically also handle Layer 3 traffic, adding to the complexity of thenetwork processor and the cost as well. Due to the redundancyrequirement, two or more network processors 3402 and 3404 are typicallyemployed as shown.

For media stream packets, network processors 3402 and 3404 perform theclassification task, updating the MAC address, as required, to the (new)destination MAC address, and forwarding the media stream packets to oneof the media processing units 3310 a, 3310 b, 3310 c, and 3310 d. Forpackets that require the host CPU's attention, at least one of networkprocessors 3402 and 3404 will forward these packets through EthernetSwitch 3410 to host CPU 3406 for processing. Examples of packets thatmay be handled by host CPU 3406 include, for example, control packetsfor setting up and tearing calls, status update messages from clients,and the like.

Not only is a network processor expensive but there is also a certainamount of configuration overhead that is required to set up networkprocessors 3402 and 3404 upon power up. Configuration requirements fornetwork processors, which tend to be complex circuits, add a finitedelay to the configuration time required before the system of prior artFIG. 34 can become operational. When multiple network processors arerequired to satisfy the redundancy requirement of some Ethernetapplications, the cost is multiplied accordingly.

In accordance with one aspect of the present invention, the inventorsherein realized that for VoIP (voice over internet protocol)applications, the vast majority of the packets handled by theclassification engine will be media stream packets. A router or anotherdevice may be disposed, in an embodiment, in front of the VoIP gatewayto ensure that most or all of the traffic received by the VoIP gatewayis related to VoIP traffic.

A small percentage of the packets received by the VoIP gateway may becontrol packets and/or other packets related to the management of VoIP.However, these non-media packets tend to constitute a smaller percentageof the packets received and processed by the VoIP gateway. Accordingly,the inventors herein realized that a classification engine may beimplemented on a low-cost FPGA, if many functions that are not relatedto VoIP processing can be eliminated from the FPGA's set offunctionalities. Furthermore, the inventors herein realized that fornon-media packets, the host processor is still available to handle theprocessing of those packets using software-based applications.Therefore, it is realized that processing packets at line rate speed maybe now possible at low cost for media stream packets if a low cost FPGAis configured to process the bare minimum set of functions required tohandle the majority of the media stream packets.

Generally speaking, media stream packets are of the UDP type. Eachpacket received by the VoIP gateway must be inspected to determine whataction the FPGA should take with the packet. As a packet is received inthe FPGA, the IP header is examined and the UDP port number is used toperform a lookup in the FPGA's internal table, which is setup by thehost processor as calls are being setup and torn down. The FPGA'sinternal table contains a list of ports that are currently configuredfor media stream packets. For each port that is in the table, the fieldsthat are programmed include the destination MAC address for one of themedia processing CPUs, a flag indicating whether the packet should bediscarded by the FPGA, and a counter that can be used to determine ifpackets are still being dropped. If a match between the incoming mediastream packet's port and a port within the FPGA's internal table ismade, the packet is either updated to include the MAC address of thedestination media processing CPU and forwarded for DSP processing (e.g.echo cancellation, encoding, decoding, and the like), or if the discardflag for that port is set, the packet is dropped and the discard counteris incremented.

After the media stream packet is processed by the appropriate mediaprocessing CPU, the media stream packet is then sent back to the switchto be sent out to the appropriate Ethernet physical interface onto thenext leg of the journey.

FIG. 35 shows, in accordance of an embodiment of the invention, a highlevel logic block diagram of a VoIP gateway 3500, which employs FPGAs3502 and 3504 to provide redundant Ethernet processing paths throughVoIP gateway 3500. Unlike the implementation of prior art FIG. 34, therealization that the vast majority of packets processed by VoIP gateway3500 pertains to media stream packets, which requires a small, finiteset of processing functions to service and need to be handled with highpriority and minimal delays, leads to the implementation of a vastlysimplified set of functionality within each of FPGAs 3502 and 3504(which essentially are redundant of one another for the purpose ofsatisfying the redundancy requirement of certain Ethernet applications).

For example, FPGA 3502 is designed to look only for UDP media streampackets and to handle only UDP media stream packets. For all other typesof packets, FPGA 3502 passes those packets to host CPU 3506 forhandling. Furthermore, for UDP media stream data packets, FPGA 3502performs a fast lookup using its internal UDP port table to determinewhether the packet matches one of the entries of the UDP port table.Each entry in the UDP port table reflects a media stream that hasalready been set up by host CPU 3506. If there is a match, FPGA 3502quickly performs a determination whether or not the packet should bediscarded.

If it is discarded, no further action needs to be taken. If the packetis not to be discarded, FPGA 3502 then obtains the corresponding mediaprocessing CPU module ID from the table from which it can use toformulate a new MAC destination address for the received packets.

Looking up the media processing CPU module ID employs the use of aportion of the UDP destination port number that is obtained from theheader of the incoming packet. The incoming packet employs a portion ofthe UDP destination port number as an index into the UDP port table. Ifthere is a matching entry in the UDP port table, a destination mediaprocessing CPU module ID is obtained and the destination MAC address isformulated and updated in the packet header.

Thereafter, FPGA 3502 sends the packet to Ethernet switch 3510 to besent to one of the media processing CPUs 3512 a, 3512 b, 3512 c, and3512 d. After an appropriate media processing CPU (e.g., 3512 a, 3512 b,3512 c, 3512 d, etc.) performs the media processing (e.g., theaforementioned encoding, decoding, echo cancellation, etc.), the packetis converted into a transmit packet and sent back to Ethernet 3510 to besent out via one of the FPGAs (which act as a pass through) onto thenext leg of the journey.

Note that the aforementioned processing for media stream packetsrepresents the type of processing that needs to be performed for thevast majority of packets that pass through VoIP gateway 3500.Accordingly, by simplifying the set of functions that FPGAs 3502 and3504 need to perform for a large number of media stream packetstraversing VoIP gateway 3500, it is possible to achieve line rateperformance using a low cost, simplified FPGA to lower overall systemcost while maintaining the required performance.

FIG. 36, shows in accordance with an embodiment of the presentinvention, the steps taken by the VoIP gateway 3500 in processing apacket received. A packet is received by block 3602 and processed inblock 3604 by looking up the UDP port in the UDP port table.

The UDP port information may be obtained by inspecting the packetheader. Note that for all packets other than UDP packets, no lookupaction is necessary and control is passed to block 3606, wherein thepacket is forwarded to host CPU 3506 for processing. For example, if thepacket pertains to a call set up message and the call is ready to beconnected, the host CPU will update the FPGA's UDP port table with theUDP port such that the RTP (Real time transfer protocol) stream will useand program the designated media processing CPU that the packet shouldbe forwarded to. Besides control packets, other packets which can not bematched in the UDP port table are also forwarded to the host CPU forprocessing. On the other hand, if the lookup of the UDP port in the UDPport table results in a match, control is passed to block 3608 to firstascertain whether or not the packet is to be discarded. If the packethas been marked by the host processor to be discarded, no furtherprocessing is needed and the packet can be discarded at block 3610.

On the other hand, if the packet is not to be discarded, control passesto block 3612, wherein the forwarding logic within the FPGA obtains themedia processing CPU module ID and formulates a MAC address based on theobtained media processing CPU module ID (which is obtained from the UDPport table, which is discussed in FIG. 5). The destination MAC addressof the received packet is updated to that of the media processing CPUblock 3612. In block 3614, the media stream packet is then forwarded tothe media processing CPU through the Ethernet switch for processing asmentioned earlier.

FIG. 37 show, in accordance to an embodiment of the present invention,an example of the UDP port lookup step 3604 of FIG. 36. In an embodimentof the invention, lookup has been simplified to the tasks of obtainingthe media processing CPU module ID and formulating a destination MACaddress to ensure that the received packet can be forwarded to theappropriate media processing CPU (e.g., one of media processing CPUs3512 a-3512 d of FIG. 35).

As discussed earlier, each received media stream packet has the UDPdestination port in its header (which is 16 bits). The first 6 bits ofthe UDP destination port number (3702) is input into a comparator 3704for comparison purposes. The UDP port base of the valid UDP port rangeis loaded into the base register 3706 to be used for comparison. Sincethe number of media streams supported is a finite number, the entirerange of valid UDP ports does not need to be checked. If a UDP port,when compared to the base register, does not match, the packet isforwarded to the host CPU for processing since it would not exist in theFPGA's internal UDP port table. However, if the result of the comparator3704 is positive (i.e., there is a match between the first 6 bits of theUDP destination port number obtained from the header of the receivedmedia stream packet and the UDP port base), the next ten bits (3708) ofthe UDP destination port is employed as an index into the UDP port table514 in order to obtain the information pertaining to the destination thepackets should be forwarded to, as well as whether or not packetsassociated with this media stream should be discarded. In addition, thedestination media processing CPU module ID is obtained to provide thedestination for the packet if the packet is not discarded. If thedestination media processing CPU module ID has not been initialized(i.e. it is still set to 0x0), the packet will not be modified and willbe forwarded to the host CPU for processing. Thus, as seen in FIG. 37, apositive determination out of comparator 3704 will enable the next 10bits of the UDP destination port number to be employed (3712) as anindex into UDP port table 3714. The ten bits pattern 3708 will match oneof entries 3716, 3718, and 3720 in UDP port table 3714.

With respect to matching, the method first inspects the discard bit todetermine whether or not the host CPU 3506 has marked the bit so thatthe packet associated with this media stream should be discarded. Withreference to FIG. 37, suppose that the 10 bits UDP destination portnumber that is employed as the index into UDP port table 3714 is00-0000-0001 (entry 3718). In this case, the method looks at the bit infield 3720 to determine if the discard bit has been set. If the discardbit has been set by host CPU 3506, processing by the FPGA is done andthe packet is simply discarded.

If the discard bit 3720 is not set, the FPGA then obtains thedestination media processing CPU module ID 3722, which the FPGA thenemploys to formulate the destination MAC address and to update thedestination MAC address in the received UDP media stream packet in orderto enable the received UDP media stream packet to be forwarded to theappropriate media processing CPU.

Field 3724 is a two-bit field that shows the discard status and mayinclude up to four different values to indicate the various discardedstatuses (e.g. discarded, has never been discarded, etc.). Once thereceived UDP media stream packet is updated with the destination MACaddress associated with one of the media processing CPUs, the FPGApasses the received packet to Ethernet switch 3510 (See FIG. 35) so thatEthernet switch 3510 can switch the received UDP media stream packet tothe media processing CPU for processing, as mentioned earlier.

In an embodiment, the media processing CPUs are required to beimplemented in the same chassis as the FPGAs, thereby vastly simplifyingthe control portion necessary to perform forwarding of the UDP mediastream packets from the FPGA to an appropriate media processing CPU. Ifthe media processing CPUs had been implemented outside of the chassis,the forwarding task would have been more complex, rendering the FPGAmore complex and reducing its performance, which would be detrimentalfor processing line rate media stream packets.

As can be appreciated from the foregoing, from the realization for aVoIP gateway, the vast majority of the functions offered by a typicaloff-the-shelf network processing unit are not necessary and theinclusion of these additional functions do impact the overall systemnegatively from a cost standpoint and from a complexity standpoint, theinventors are able to identify the minimal set of functions that arerequired to be performed for the vast majority of UDP media streampackets in a typical VoIP gateway.

By distilling the functions that are typically provided in a typicalnetwork processor to a set of minimum functions to be implemented in aFPGA, with these minimal functions being designed to satisfy therequirements for the vast majority of the packets received and handledby a VoIP gateway, it is now possible to employ a small and inexpensiveFPGA to perform classification functions and to handle the UDP mediastream packets, which constitute a large percentage of the packets thatare handled by the VoIP gateway.

Note that this approach would not have been an option or appear sensiblefor a general purpose router or gateway since such devices need tohandle a wide variety of packets, and the FPGA would have been unable tocope with high line speed when burdened also with complex processingtasks required to handle a variety of packet types. Since the gatewayherein is configured to receive only VoIP traffic or mostly VoIPtraffic, the approach enables the simplification of the classificationfunction and enabling the implementation via FPGAs while still achievinghigh performance.

Embodiments of the invention vastly simplify VoIP gateway design andreduce cost of VoIP gateways. Even if multiple FPGAs are required tosatisfy redundant Ethernet requirements, the use of two inexpensiveFPGAs still typically undercuts the cost of a single network processor.By eliminating the network processor, the overall cost of VoIP can bedrastically reduced, thereby enabling wider market penetration andmarket acceptance of VoIP solutions.

Beyond the financial considerations, the use of FPGAs to implement thesesimple classification functions also provides the system designer greatflexibility to handle additional media types that might come up in thefuture. Since network processors tend to be ASIC-based and thereforerather inflexible, new media packet types may render some networkprocessors incapable of handling these new media packet types,necessitating VoIP gateway replacement.

FPGAs, by their nature, are inherently more flexible due to their readyre-programmability, allowing the system designer the flexibility tomodify the FPGA programs to handle new or changing media packet types.Furthermore, by requiring the FPGA to perform relatively simple lookupfunctions only, it is easy to re-program the FPGAs to handle futurechanges, thereby eliminating the need for expensive hardware upgradesand/or minimizing network down time.

Although VoIP applications are described as illustrative examples,methods, servers, and/or systems in accordance with one or moreembodiments of the present invention may be applied to communication oftext, image, video, and/or other audio data. For example, the abovedescription of pertaining to VoIP gateways, such as VoIP gateway 3500(shown in FIG. 35), may also be applicable to a media gateway forprocessing text, image, video and/or other audio data.

6. Conclusion

By utilizing network interface hardware to perform select network stacksoftware functions, a distributed system dedicated to media processingcan realize not only significant cost and performance advantages, butalso significant technical advantages including higher systemavailability. Specifically, the network interface hardware exhibitsperformance equal to a network processor with less latency given thecut-through operation. System availability is often dominated bysoftware failures. Since this distributed system uses hardware to handlemedia streams to and from a single processing engine, less networkinterface software is required resulting in higher system availability.

G. SECURE MEDIA COMMUNICATION ACROSS ENTERPRISE GATEWAY (NAT/FIREWALL)

With the advent fixed-mobile convergence, people are using their Wi-Fienabled devices from internet for data connectivity and voice. One ofthe key requirements for voice is that it be transported over securenetwork packets. The mechanism described in this section provides securecommunication and easy traversal through any type of NAT/Firewallgateway

At present, there are no ratified standards for traversing enterpriseVoIP over the internet securely over NATs and Firewalls. Also, due tothe fact that phones and call managers do not provide a capability wherethis VoIP access is controlled at a single media service access point(MSAP) to ease provisioning and monitoring, there is no mechanism toallow an enterprise VoIP user “roam” from internet to cellular networks.

The invention provides mechanisms for securely transporting voice andassociated signaling end-to-end as illustrated in FIG. 7.

Challenges posed in designing an enterprise VoIP network hasexponentially increased with convergence {data & voice}. Withconvergence, the VoIP network is being exposed to both traditional VoIPthreats and Data traffic threats. Challenges involved in building a goodVoIP network which can communicate across enterprise gateway, tointernet, can be classified into four and are discussed in detail below.

-   -   a) Securing voice traffic    -   b) NAT Traversal (Both within enterprise and remote client on        Internet)    -   c) Firewall Traversal (Enterprise Firewall)    -   d) Securing or hardening the handset and media switch

Securing the Voice Traffic

Voice traffic when they travel through internet is practically visibleor usable by any hacker on the network. Any hacker in the middle canlisten to the conversation being made, which is the least of the threat.In the enterprise application, these calls (at least one end) areinitiated/destined from/to the enterprise. In which case, enterprisenetwork or devices in the network can come under various attacks likeReplay-attack, DoS attacks.

By making the voice secure, the advantages are

-   -   a) Privacy of the call is maintained    -   b) For the clients, if the access to the network is wireless,        securing the voice traffic is more relevant even inside the        enterprise.    -   c) Possibility of exposing the enterprise network to various        attacks are drastically reduced (though not eliminated) thus        making the network more secure

There are multiple ways to secure data traffic. Most or all of them areapplicable to voice traffic also. But due to the time sensitivity of thevoice traffic, it is desired to have a mechanism which is not veryprocessor intensive which can easily fit in into even small VoIPhandsets. Voice traffic uses RTP (over UDP) for communicating from endto end which is currently insecure. SRTP (Secure RTP) is an alternativeto make the voice traffic completely secure, from end-to-end.

With SRTP, since the voice is encrypted at the source client, anyone inthe middle (even from within the network) without the knowledge of theappropriate keys, cannot make out anything from the voice packets andhence a secure communication is established. This mechanism will be lessprocessor intensive than VPN solution.

NAT Traversal

NAT, in enterprise gateway, does IP address translation, from local IPdomain to global IP domain, for clients residing in internal enterprisenetworks. Existence of NAT in the traffic path will affect thefunctionality of some protocols, which communicates its IP address toits peers over the payload (since the payload will carry theun-translated IP address instead of translated one, this creates adisconnect). SIP is one of the protocols whose functionality getsaffected by an intermediate NAT gateway.

These NAT translations are of four types

-   -   a) Full Cone    -   b) Restricted Cone    -   c) Port Restricted Cone    -   d) Symmetric NAT

There are standard implementations to over come all these types of NATs.Of these, symmetric NAT is the most difficult one to traverse through.TURN (Traversal using Relay NAT) is the standard solution used fortraversing through symmetric NAT. STUN (Simple traversal of UDP throughNAT) is another solution which helps traverse through rest of the NATs.For a solution, to be not affected by any NAT in their path, both STUNand TURN has to be implemented. But these solutions mandate introductionof a server out in the internet. Having another new server in thesolution adds up one more device and hence complexity to the solution.Introduction of more devices is not desirable for the obvious reasonslike manageability, security . . .

With an effective design of the enterprise network and positioning ofmedia gateway, any type NAT can be traversed through effectively withoutintroducing any new entities to the voice solution.

Solution is designed such that any voice traffic between two clients isalways through the media switch in the middle. A mechanism to informremote clients of their translation information is embedded into theMedia switch, which resides inside the enterprise network. This ensuresthat end clients always know their translation information and can beeffectively used in the signaling protocol. Also, a forwarding rule fora global IP address and port (Media Service Access Point—MSAP) isconfigured at the Enterprise firewall, which will forward the trafficreceived for that MSAP to media switch. This makes the media switchaccessible from any external IP network. Since media switch, which helpsin NAT traversal, is also the other end for any client, any type of NAT(including symmetric NAT) can be traversed with this design.

Firewall Traversal

Firewalls can reside on both (Enterprise and remote) ends of the voicecommunication. For a VoIP call, at the minimum two ports (1 for RTP andone for RTCP) need to be opened up firewall. So, for n calls to happensimultaneously, 2*n ports need to be opened up. Opening up more portsposes increased security threats to the network and hence not desirablefor enterprise firewall.

Traversing the firewall at the remote end is made possible by designingthe solution to initiate the first UDP communication by remote client tomedia switch. By initiating the first communication from the remote end,firewalls at the remote end open up the corresponding ports by default.

Traversing the firewall at the enterprise end is a challenge. MSAPprovides global accessibility to media switch from any external IPnetwork. This MSAP is well utilized for NAT traversal. By effectivelyusing the MSAP, enterprise firewalls can also be traversed through withno new ports opened up for voice communication.

All remote clients are designed to communicate with the media switchthrough the same MSAP. Thus all voice traffic from remote clients endsup at the same port (MSAP) in the media switch. A mechanism is built insuch that the call identification is embedded within each and everyvoice Packet. When a packet is received at the MSAP in media switch,packets are switched appropriately based on the call ID embedded in thevoice packet. This ensures that switching of voice traffic happensproperly though all the voice traffic from external world was destinedto the same port (MSAP).

Securing Media Switch

Current design forces the media switch to receive all media traffic fromremote clients and so is exposed to all kinds of attacks from externalnetwork. By current design, media traffic uses Secure RTP (SRTP) withencryption always. By making the media traffic encrypted and secure, asdiscussed, above, the solution is more robust and secure. SRTP protocol,by itself, provides authenticity of the remote caller, providesconfidentiality through encryption, ensures integrity of the packet andprotects from replay attacks.

Over and beyond this, an extensive Access filter is also implemented inMedia switch to screen incoming packets.

Features and advantages of the invention may be better understood withreference to the figures and discussions that follow.

FIG. 38 is a prior art representation of a Voice-Over-IP (VoIP)environment in which a STUN server is employed to facilitate NAT(Network Address Translation) traversal. As discussed, network addresstranslation (NAT) is necessary in order to enable a large number ofdevices associated with a private network to communicate with theoutside world using fewer numbers of publicly routable IP addresses.

This is because publicly routable IP addresses are a precious resourceand are quite expensive to acquire. Accordingly, most ISPs typicallyprovide only a few publicly routable IP addresses to a given enterpriseto be shared among many internal users. Thus, each internal user issupplied with an internally routable IP address that is known onlyinternally within the enterprise. In order for the internal devices tobe made globally accessible, a NAT device should be present in theinternal network to do the translation from internal IP address-portpair to a globally routable IP address-port pair and vice versa.

NAT traversal is employed because certain protocols employed for VoiceOver IP or other types of media applications are sensitive to the effectof NAT. For example, SIP (Session Initiation Protocol) is one of theprotocols whose functionality may be affected by an intermediate NATgateway. Traversal allows the internal client device to obtain thetranslation scheme performed by the NAT gateway and to communicate thetranslation scheme to the destination application server so that theapplication server can resolve the disconnect between the untranslatedinternal IP address and the translated IP address.

Generally speaking, NAT traversal involves the communication between theclient device to a NAT traversal server in which the client device sendsa sample packet to the NAT traversal server. The NAT traversal serverthen responds and, by way of responding, informs the client device ofthe publicly routable IP address that has been employed by packetsoriginating from the client device. This publicly routable IP addressrepresents the IP address that has been translated using the NATgateway.

With the knowledge of its own internal IP address and the publiclyroutable IP address obtained from the response by the NAT traversalserver, the internal client device can then forward the NAT translationscheme to the application server so that the application server can makeuse of the knowledge pertaining to the NAT translation scheme in orderto resolve the difference between the internal routable IP address andthe external routable IP address of any particular received packet.

However, as mentioned, there are four types of NAT translations: fullcone, restricted cone, port restricted cone, and symmetric NAT. Insymmetric NAT, the translation scheme may depend on the destination portand the destination IP address. For example, for the communicationbetween the client device and the NAT traversal server the IPaddress-port pair of the internal client device may be translated as oneglobal IP address-port pair, while the translation for the same internalclient device for communicating with the application server may be adifferent global IP address-port pair. Accordingly, obtaininginformation regarding the translation scheme between the client deviceand the NAT traversal server may not furnish useful information to theapplication server regarding the translation scheme between the clientdevice and the application server itself.

For a NAT traversal solution to address all four types of NATtranslations, the generic NAT solution needs to be provided. In theprior art, TURN (Traversal Using Relay NAT) and STUN (Simple Traversalof UDP through NAT) are standard solutions to traverse both symmetricNAT and other types of NAT translations. To resolve all possible NATschemes, both STUN and TURN have to be implemented.

FIG. 38 is a schematic diagram of a network environment 3800 wherein aprior art STUN NAT traversal server is implemented to handle some of theNAT translation schemes (e.g., full cone, restricted cone, and portrestricted cone). It should be noted that FIG. 38 is employed toillustrate the operation of a prior art STUN NAT traversal server andnot all components and/or arrangements in FIG. 38 are considered by theinventors to be prior art since at least certain aspects of mobilityserver 3812 (server 3812) and some of the method steps by which server3812 facilitates VoIP are considered inventive. It should be apparent tothose skilled in the art that many other figures herein are to beconstrued similarly irrespective whether they are labeled as prior artsince some of the inventive components and/or arrangements may beincluded along with prior art components and/or arrangements to providecontext and to facilitate meaningful discussion.

As shown in FIG. 38, there is shown an enterprise network 3802 which iscoupled to the Internet 3808 and an enterprise gateway/firewall 3810.Enterprise network 3802 includes a plurality of Wi-Fi clients 3804 and3822, which are coupled to an Access Point (AP) 3806. Mobility server3812 (server 3812), representing the media application server, is alsocoupled to Internet 3808 via a switch 3814.

There are also shown existing PBX 3816 and existing Voice-Over-IP (VoIP)system 3818, both of which are connected to switch 3814 via anintermediate switch 3820. Through AP 3806, switch 114, and switch 3820,internal communication within enterprise network 3802 is enabled amongthe Wi-Fi clients 3804 and 3822, server 3812, existing PBX 3816 andexisting Voice Over IP system 3818. To communicate to devices outside ofenterprise network 3802, the packets traverse an enterprisegateway/firewall 3810 to Internet 3808.

FIG. 38 also shows an example SOHO network 3840, which includes anexample external client device 3842, representing a VoIP-enabled phone.External client device 3842 communicates with Internet 3808 via anAccess Point (AP) 3844 and a broadband router/modem 3846. There is alsoshown in FIG. 38 an example public hot spot network 3860, which includesan external client device 3862, representing another VoIP enabled phone.External client device 3862 communicates with an Access Point (AP) 3864to access Internet 3808 through a broadband router/modem 3866.

To enable VoIP calls between external client device 3862 and devicesmanaged by enterprise network 3802 such as Wi-Fi client 3804 (orexternal client device 3842 if external client device 3842 is a VoIPphone registered with server 3812 to be associated with an internalextension managed by existing PBX 3816), a VoIP call control protocolneeds to be employed to set up and manage the media stream betweenclient external device 3862 and the client device on the other end ofthe call.

For illustration purposes, assume that external client device 3862 isattempting to establish communication with Wi-Fi client 3804. Since theVoIP protocol may be sensitive to the NAT translation scheme implementedby broadband router/modem 3866, external client device 3862 needs tofirst obtain information regarding the NAT translation implemented bybroadband router/modem 3866. In the STUN case, the STUN solution can beapplied to traverse NAT translation of the full cone, restricted cone,and port restricted cone types. In this case, client external device3862 first sends a NAT traversal request 3880 to a STUN server 3882. TheSTUN server 3882 then responds with a NAT traversal response 3884. TheNAT traversal response 3884 informs external client device 3862 of theparticular NAT translation scheme implemented by broadband router/modem3866. This information may be communicated to external client device3862 by, for example, including the publicly routable IP address in thepayload of the response packet(s) sent to external client device 3862.For simplicity of illustration, NAT traversal request 3880 and NATtraversal response 3884 are shown by the dotted lines directly betweenexternal client device 3862 and STUN server 3882. In reality, thesecommunications take place through AP 3864, broadband router/modem 3866,Internet 3808, and communication path 3886.

External client device 3862 obtains the NAT translation schemeimplemented by broadband router/modem 3866 via the information providedin NAT traversal response 3884. External client device 3862 then sendsthe NAT translation scheme information to server 3812 via AP 3864,broadband router/modem 3866, Internet 3808, enterprise gateway/firewall3810, and switch 3814. With knowledge of the NAT translation schemeimplemented by broadband router/modem 3866, server 3812 can then setupthe VoIP call with external client device 3862 between Wi-Fi client 3804and external client device 3862. Any disconnect regarding the internallyroutable IP address employed by external client device 3862 withinhotspot network 3860 and the publicly routable IP address employed totransmit information between broadband router/modem 3866 and enterprisegateway/firewall 3810 via Internet 3808 can be resolved by server 3812using the knowledge obtained regarding the NAT translation scheme, whichhas been forwarded beforehand by external client device 3862.

As discussed, this type of STUN NAT traversal solution works well for atleast three types of NAT translations: full cone, restricted cone, andport restricted cone. For symmetric NAT, the NAT translation schemeimplemented by broadband router/modem 3866 for the communication betweenexternal client device 3862 and STUN server 3882 may differ from the NATtranslation scheme employed to communicate between external clientdevice 3862 and server 3812. Accordingly, knowledge pertaining to theNAT translation scheme implemented between STUN server 3882 and externalclient device 3862 may be inapplicable to resolve NAT translation issuesexperienced by server 3812 when external client device 3862 subsequentlycommunicates with server 3812.

FIG. 39 shows a prior art implementation of STUN/TURN (Simple Traversalof UDP through NAT/Traversal Using Relayed NAT) NAT traversalimplementation 3900, in which a secured tunnel is implemented between aSTUN/TURN server 3890 and server 3812. As shown in FIG. 39, securedtunnel 3902 is employed to facilitate communication between externalclient device 3862 and server 3812, at least for the portion of thejourney between STUN/TURN server 3890 and server 3812. Accordingly, VoIPmedia packets (such as voice packets) are transmitted from externalclient device 3862 through AP 3864, broadband router/modem 3866,Internet 3808, TURN server 3890, back to Internet 3808 throughenterprise gateway/firewall 3810, switch 3814, and arriving at server3812. In other words, STUN/TURN server 3890 not only furnishesinformation regarding the NAT translation to external client device 3862but also acts as a relay station to facilitate transmission of actualVoIP packet carrying the voice information between external clientdevice 3862 and server 3812. Since the same communication path betweenexternal client device 3862 and STUN/TURN server 3890 is employed forNAT traversal and for the actual media packets transfer, the same NATtranslation is performed for the communication between external clientdevice 3862 and STUN/TURN server 3890 during the NAT traversalrequest/NAT traversal response session, and for the subsequentcommunication between external client device 3862 and server 3812 duringwhich STUN/TURN server 3890 acts as an intermediate relay station.

However, it is realized by the inventors that the inclusion of STUN/TURNserver 3890, as necessary as such may be to handle the symmetric NATsituation, involves several disadvantages. For example, STUN/TURN server3890 needs to be managed by the enterprise IT staff, adding to thecomplexity of the VoIP implementation and maintenance. Further,STUN/TURN server 3890 needs to be implemented outside of the enterprisegateway/firewall 3810 and the associated firewall, opening STUN/TURNserver 3890 to security risks. The introduction of another entity in thecommunication path for media packets between external client device 3862and server 3812 also introduces reliability risks as well as additionaldelays. For delay-sensitive applications, such as real time voiceconversations, such delays may be noticeable to some users andintolerable to others. Additionally, STUN/TURN server 3890 acts as theintermediate relay point for all external client devices thatcommunicate with client devices in enterprise network 3802. Accordingly,STUN/TURN server 3890 suffers from scalability issues as the number ofclient VoIP devices handled by server 3812 increases.

FIG. 40 shows, in accordance with an embodiment of the presentinvention, a generalized NAT traversal arrangement 4000 in which allfour types of NAT translations can be traversed while eliminating therequirement that an external NAT traversal server (such as TURN server3890 or STUN server 3882 of prior art FIG. 39 and FIG. 38 respectively)be maintained outside of the enterprise firewall. In FIG. 40, theSTUN/TURN server functionality is implemented in the same chassis as amobility server, as represented by a mobility server-STUN/TURN server4092 (server 4092).

Furthermore, since NAT traversal requires the STUN/TURN server to beaccessible from an external client device for the purpose ofaccomplishing the NAT traversal, embodiments of the invention employs atechnique known as Port Forwarding in which the enterprise gateway 4010is provisioned such that any traffic destined to itself with port numberas the SIP port or the MSAP (Media Service Access Point) port, should beforwarded directly to server 4092, thereby rendering server 4092accessible to the external world through a combination of the publiclyaddressable IP address associated with enterprise network 4002 (and thespecific port number, such as the MSAP port number or the SIP portnumber).

Note that embodiments of the invention require that Server 4092 or amobility server and a STUN like server be implemented internally as wellas the use of port forwarding to ensure that the STUN/TURN server or theSTUN like server be accessible by an external client device for thepurpose of NAT traversal. When external client device 3862 wishes tocommunicate with one of the devices managed by enterprise network 4002,such as Wi-Fi client 3804 or Wi-Fi client 3822 (or external clientdevice 3842, if external client device 3842 is registered to be managedby Server 4092), external client device 3862 first performs the NATtraversal by sending a NAT traversal request 4080 to Server 4092 andreceiving a NAT traversal response 4012. As in before, the NAT traversalrequest and NAT traversal response actually traverse AP 3864, broadbandrouter/modem 3866, Internet 3808, enterprise gateway 4010, switch 3814,and Server 4092. Since the STUN/TURN server application in Server 4092communicates with Internet 3808 via the mechanism of port forwarding,Server 4092 appears to external client device 3862 to be an externallyaccessible device and thus external client device 3862 can directlyaddress the STUN application in Server 4092 using a combination of thepublicly routable IP address of enterprise network 4002 and the desiredport number on server 4092.

Knowledge regarding the NAT translation scheme implemented by broadbandrouter/modem 3866 is then communicated to Server 4092 to facilitate thesubsequent call setup (e.g., via the SIP protocol in an embodiment) andthe actual bi-directional transmission of media packets between externalclient device 3862 and Server 4092 (e.g., via the MSAP port of Server4092). That is, Server 4092 can subsequently use a signaling protocolsuch as SIP to establish call path between external client device 3862and Wi-Fi client 3804 via Server 4092. Further, media packetcommunication between external client device 3862 and Wi-Fi client 3804are exchanged along a communication path in which Server 4092 isdisposed in between.

Note that since the actual media switch of the server 4092 is alsoimplemented in the same chassis as the STUN server, any type of NAT(including symmetric NAT) traversal can be accomplished with theimplementation of FIG. 40 since the same translation would be employedto communicate between external client device 3862 and server 4092 forboth the NAT traversal session, the call setup session, and the actualtransmission of media VoIP packets.

As can be appreciated from the foregoing, embodiments of the inventioneliminate the requirement of an external STUN/TURN server (such asSTUN/TURN server 3890 or STUN server 3882 of prior art FIGS. 39 and 38,respectively). This elimination eliminates the security risk associatedwith maintaining a server outside of the enterprise firewall. With theelimination of an intermediate relay point, the delay associated withtransmitting media packets between an external client device and aclient device managed by enterprise network 4002 through a secure tunnelis reduced.

It is observed by the inventors herein that the MSAP port, which isemployed for NAT traversal, may also be used to reduce the number ofports opened per communication session between any N client devices.With respect to FIG. 41, for example, without the use of the MSAP port,a media stream between external client device 3862 and external clientdevice 3842 requires two ports for servicing the two legs 4102 and 4104of the communication path. This is because the traditional VoIP setupopens two ports at server 4106 and through enterprise gateway/firewall3810, with a bi-directional stream from each of client devices 3842 and3862 using one port.

In accordance with an embodiment of the present invention, the MSAP portis employed to service media streams for the client devices irrespectiveof the number of legs per call. With respect to FIG. 42, for example, asingle MSAP port 4200 on server 4202 is employed to service the mediastreams to and from both external client device 3862 and external clientdevice 3842. By using a single MSAP port for both legs of the call, thenumber of ports opened at enterprise gateway/firewall 3810 is reduced,which in turn reduces the management overhead and the security risksassociated with having multiple ports opening simultaneously.

Recalling from the discussion in connection with port forwarding thatVoIP packets are routed using a combination of IP address and portnumbers on the part of server 4202, another mechanism must now beemployed to associate voice packets with their conversations since onlya single MSAP port exists for all media streams to and from clientdevices. In accordance with an embodiment of the present invention, thesolution involves not only using a single MSAP port on server 4202 forall media communication streams to and from the client devices, but alsoinvolves associating media stream packets with conversations for routingpurposes based on information other than the port number (since there isonly one MSAP port for all media streams with the approach of FIG. 42).In an embodiment, each packet is inspected for its media stream ID, andthe media stream ID is then employed to associate packets with mediastreams in order to ascertain the destination device to which aparticular media (such as voice) packet needs to be forwarded.

In an embodiment of the present invention, the association between apacket and its media stream for the purpose of packet routing involvesemploying server 4202 to take a quick peek into the header of the voicepacket in order to ascertain the media stream ID. Since deep analysis ordata manipulation is not involved, the delay associated with theacquiring the media stream ID and associating the media stream ID with aparticular conversation is vastly reduced.

Once the media stream ID is ascertained, the packet can be associatedwith a particular media stream and a particular destination clientdevice (the information for which may be kept in a call table in RAM,for example) and the packet can be appropriately routed to thedestination client device. In this manner, the MSAP port is leveragednot only for NAT traversal but also for firewall traversal in a mannersuch that the number of ports open through enterprise gateway/firewall3810 of FIG. 42 is substantially reduced.

It can be appreciated from the foregoing, embodiments of the inventionaccomplish firewall traversal for VoIP calls while reducing the numberof open ports in the enterprise firewall through the use of a singleMSAP port to service all media streams to and from the client devices.The reduction in the number of ports in turn reduces the security risksfor the enterprise, rendering the internal network more secure againstan attack that originates externally.

Although VoIP applications are described as illustrative examples,methods, servers, and/or systems in accordance with one or moreembodiments of the present invention may be applied to communication oftext, image, video, and/or other audio data.

H. CONCLUSION

While this invention has been described in terms of several embodiments,there are alterations, permutations, and equivalents, which fall withinthe scope of this invention. It should also be noted that there are manyalternative ways of implementing the methods and apparatuses of thepresent invention. Furthermore, embodiments of the present invention mayfind utility in other applications. The abstract section is providedherein for convenience and, due to word count limitation, is accordinglywritten for reading convenience and should not be employed to limit thescope of the claims. It is therefore intended that the followingappended claims be interpreted as including all such alterations,permutations, and equivalents as fall within the true spirit and scopeof the present invention.

1. A method for implementing communication between at least two clientdevices, a first client device of said at least two client devices beingdisposed externally with respect to a firewall of an internal network,the method comprising: performing NAT (Network Address Translation)traversal between said first client device and a media server that isdisposed internally with respect to said firewall of said internalnetwork, said NAT traversal configured to ascertain a NAT schemeemployed for exchanging packets with said first client device;establishing a communication path at least between said media server andsaid first client device, wherein logic for implementing said NATtraversal and logic for implementing said establishing saidcommunication path are both implemented in said media server; andemploying said media server to facilitate said communication.
 2. Themethod of claim 1 wherein said communication represents at leasttransmission of at least one of text data, voice data, image data, andvideo data.
 3. The method of claim 1 wherein said first client devicerepresents a VoIP (Voice over IP) device, and said communicationrepresents VoIP calls.
 4. The method of claim 1 further comprisingforwarding media streams to said media server using a port forwardingmechanism.
 5. The method of claim 1 further comprising routing mediapackets using a combination of at least one IP address and at least oneport number associated with said media server.
 6. The method of claim 1wherein media streams between said media server and said at least twoclient devices pass through a single port in said firewall.
 7. Themethod of claim 1 wherein media streams between said media server andsaid at least two client devices pass through a single port on saidmedia server.
 8. The method of claim 1 further comprising inspectingmedia packets received at said media server for media stream IDs, saidmedia stream IDs being employed to associate individual ones of saidmedia packets received at said media server with media streams beinghandled by said media server.
 9. The method of claim 8 wherein headersof said media packets are inspected for said media stream IDs.
 10. Themethod of claim 1 wherein said logic for implementing said NAT traversalemploys at least one of a TURN (Traversal Using Relay NAT) scheme and aSTUN (Simple Traversal of UDP through NAT) scheme.
 11. A server forfacilitating communication between at least two client devices, a firstclient device of said at least two client devices being disposedexternally with respect to a firewall of an internal network, the serverdisposed internally with respect to said firewall of said internalnetwork, the server comprising: first logic for performing NAT (NetworkAddress Translation) traversal between said first client device and saidserver; and second logic for establishing a communication path at leastbetween said server and said first client device.
 12. The server ofclaim 11 wherein said first logic is configured to implement at leastone of a STUN (Traversal Using Relay NAT) scheme and a TURN (SimpleTraversal of UDP through NAT) scheme.
 13. The server of claim 11 whereinsaid first logic is configured to communicate with an external networkthrough a port forwarding mechanism, the external network being disposedexternally with respect to said firewall of said internal network. 14.The server of claim 11 further comprising a media switch application forrouting media streams destined to at least one of said at least twoclient devices.
 15. The server of claim 11 further comprising a portconfigured to service media streams between said media server and saidat least two client devices.
 16. The server of claim 15 wherein saidport represents a MSAP (Media Service Access Point) port configured toexecute MSAP rules.
 17. The server of claim 11 further comprising aninspecting mechanism for inspecting media packets received at saidserver for media stream IDs, said media stream IDs being employed toassociate individual ones of said media packets received at said serverwith media streams being handled by said server.
 18. The server of claim11 wherein said communication represents at least transmission of atleast one of text data, voice data, image data, and video data.
 19. Theserver of claim 11 wherein said communication represents VoIP calls. 20.The server of claim 11 wherein a second client device of said at leasttwo client devices registered to be managed by said server.
 21. Acommunication system comprising: a firewall of an internal network; atleast two client devices, a first client device of said at least twoclient devices being disposed externally with respect to said firewallof said internal network; a server disposed internally with respect tosaid firewall of said internal network and configured to store firstlogic for performing NAT (Network Address Translation) traversal betweensaid first client device and said server and to store second logic forestablishing a communication path at least between said server and saidfirst client device.
 22. The communication system of claim 21 whereinsaid first client device represents a VoIP client device.
 23. Thecommunication system of claim 21 wherein said server includes a portconfigured to service media streams between said media server and saidat least two client devices.
 24. The communication system of claim 21wherein said first logic is configured to communicate with said firstclient device through a port forwarding mechanism.
 25. The communicationsystem of claim 21 wherein said first logic is configured to implementat least one of a STUN (Traversal Using Relay NAT) scheme and a TURN(Simple Traversal of UDP through NAT) scheme.